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Real-world  IT 

IT  executives  weigh  in  on  utility  comput¬ 
ing,  getting  a  strategic  edge  from  IT  and 
more.  Conference  coverage  PAGE  8. 


Where’s  MIMO? 

Fblitical  standoff  in  IEEE  slows  progress 
of  much-anticipated  100M  bit/sec 
wireless  LAN  standard.  PAGE  48. 
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\  ^  e  name  to  live  on,  deal  marks  end  of  era 


retain  its  long-distance,  equip¬ 
ment  manufacturing  and 
R&D  operations.  “Without  the 
local  exchange,  you  had  no 
future,"  Block  .says. 

Divesting  the  RBOCs  was 

only  one  of  a  string  of  pie- and 

post-breakup  . 

blunders  that  ' Jus,lce 

led  to  the  DTr“"e"t 

demise  of  this  „  ® 

,  .,,,  ,  .  SBC-AT&T, 

1  30-vear-old  „  . 

.  ,  Verizon-M 

American  bust- 

,  deals, 
ness  icon. whose  .... 

,  ,  PAGE  64. 

stock  was  once 

the  most  widely  held  in  the 
country:  Although  the  brand 
AT&T  will  live  on.  with  SBC 
adopting  it  as  its  new  corpo¬ 
rate  name,  the  company  as  we 
;  AT&T,  page  64 


BY  JIM  DUFFY 

AND  DENISE  PAPPALARDO 

Ed  Block  knew  the  future 
was  blenk.'AVhat  the  hell 
do  we  do  now?”  lie 
, isle  d  mself  w  hen  AT&T 
agreed  to  the  I 9S4  consent 
decree  th.it  broke  up  the 
tany  and  gave  birth  to 
tin-  regional  Bell  operating 
companies,  one  of  which. 
SBC.  is  finalizing  its  $16:  bil¬ 
lion  acquisition  of  AT&T. 

Block,  then  senior  vice  pres¬ 
ident  of  advertising  and  assis¬ 
tant  to  AT&T  Chairman 
Charles  Brown,  knew  the 
company  made  a  catastroph- 
>n  when  it  agreed  to 
divest  its  local-exchange 
assets  in  return  for  the  right  to 


RBOCs  tout  promise 
of  next-gen  services 


BY  JIM  DUFFY 

LAS  VEGAS  —  Look  for  the  RBOCs  to  sidestep  a 
number  of  technological  obstacles  and  make  signifi¬ 
cant  progress  on  IP  Multimedia  Subsystems,  wireless 
broadband  and  fiber-based  video  initiatives  over  the 
next  year,  a  sign  that  compelling  new  services  for 
businesses  and  consumers  are  imminent. 

Such  was  the  word  last  week  from  the  CTOs  of  Bell¬ 
South,  Qwest,  SBC  and  Verizon  as  they  shared  their 
companies’  strategic  plans  during  the  Telecom  ’05 
conference.The  Las  Vegas  event  attracted  a  few  thou¬ 
sand  attendees  and  230  exhibitors. 

Next-generation  telecom  networks  will  be  “device 


aware,  end  user  aware  and  application  aware,”  said 
SBC  CTO  Chris  Rice.  “Customers  should  not  have  to 
think, ‘What  network  am  I  on?’” 

IMS  standards  are  key  to  enabling  that,  Rice  and 
the  other  CTOs  say.  IMS  is  an  architecture  that  essen¬ 
tially  takes  the  place  of  the  control  infrastructure  in 
traditional  circuit-switched  telephone  networks, 
separating  services  from  the  underlying  networks 
that  carry  them. 

Created  by  the  Third  Generation  Partnership  Pro¬ 
ject,  IMS  uses  Session  Initiation  Protocol  (SIP)  as  its 
signaling  method  for  setting  up  calls  and  handling 

See  CTO,  page  16 


Chevron  has 
had  it  with 
passwords 


- •  WiderNet _ 

Cisco  in  space 

Router  in  orbit  puts  more  wide  into  WAN. 


BY  JOHN  FONTANA 

Chevron  early  next  year  plans  to 
eliminate  the  last  of  50,000  net¬ 
work  passwords,  finalizing  a  tran¬ 
sition  to  a  smart  card-based  sys¬ 
tem  designed  to  dramatically  in¬ 
crease  security  and  privacy  while 
cutting  costs. 

In  January  users  in  200  countries 
and  in  1,800  offices  worldwide 
will  have  no  other  means  to  log 
on  to  the  network  and  gain  access 
to  resources  other  than  their 
Chevron  SmartBadge,  a  plastic 
card  with  three  chips  that  support 
building  and  network  access, 
desktop  logon  and  single  sign-on 
to  nearly  3,000  applications. 

The  password’s  death  is  a  mile¬ 
stone  four  years  in  the  making. 
During  that  time,  the  oil  giant  has 
See  Chevron,  page  14 


BY  PHIL  HOCHMUTH 

If  you  are  a  router  com¬ 
pany  with  as  much  as 
80%  market  share  and  a 
$3.2  billion  R&D  budget  to 
play  with,  why  not  bolt  a 
router  to  a  rocket  and 
shoot  it  into  orbit? 

This  is  what  a  group  of 
engineers  at  Cisco  did  as 
part  of  its  Cisco  Low  Earth 
Orbit  (CLEO)  project, 
which  recently  completed  its  second  year  orbiting  Earth.  CLEO 
is  a  modified  version  of  Cisco’s  Mobile  Access  Router,  typically 
used  to  connect  computer  equipment  in  police  cars,  ambu¬ 
lances,  airplanes  and  other  vehicles  to  an  IP  network. 

Cisco  says  the  project  is  a  proof-of-concept  exercise  designed 
to  show  the  aerospace  industry  that  commercial  IP  technology 
is  space-worthy. 

See  Outer  space,  page  12 
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YOUR  NETWORK  APPLICATION 
IS  A  CHEETAH. 

ON  EIGHTEEN  CUPS  OF  COFFEE. 
ABOARD  A  ROCKET. 

IN  A  HURRY. 


OVERACHIEVE. 


F5  will  make  your  network  applications  scream  with  speed.  65%  faster  on 
average.  At  the  same  time,  ensuring  absolute  security  and  availability. 

The  F5  mission  is  to  make  your  applications  do  what  they  were  designed  to  do:  perform. 
More  than  9,000  organizations  around  the  world  overachieve  with  F5  Networks.  Can  yours? 


THE  WORLD  RUNS  BETTER  WITH  F5 


WWW.F5.COM 


The  new  Canon  imageRUNNER  solutions  and  support  addressed 
Don’s  concerns  about  seamless  network  integration,  secured  printing 
and  managing  network  devices.  Hence,  Don’s  no  longer  concerned. 


Don’s  company  isn’t  doing  business  as  usual.  What  about  your  company?  We’re  well  aware  of  your  daily  challenges  as  the  gatekeeper 

of  your  company’s  network.  And  we  totally  understand.  That’s  why  Canon’s  imageRUNNER®solutions  are  raising  the  bar  for  how  well  network  devices 
work  and  how  seamlessly  they’re  integrated.  You’ll  appreciate  enhanced  security  features  that  include  a  secured  print  function  for  document 
confidentiality,  user  authentication,  NetSpot®and  Remote  1)1™  for  easily  managing  network  devices.  In  addition,  you  get  entirely  new  systems  across 
our  full  line  of  imageRUNNER  solutions,  which  offer  intuitive  technology  that  works  with  you,  not  against  you.  You 

can  also  expect  your  current  investment  to  be  leveraged,  your  concerns  to  be  addressed  and  the  potential  of  your  I  B  It 

workday  to  be  expanded.  Which  means  no  more  business  as  usual.  1-800-OK-CANON  www.imagerunner.com 

Canon,  IMAGERUNNER  and  NetSpot  are  registered  trademarks  ol  Canon  Inc.,  in  the  United  States  and  may  also  be  registered  trademarks  In  other  countries.  IMAGEANYWARE  and  Remote  Ul  are  trademarks  of  Canon  U.S.A.,  Inc. 
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COOLTOOLS 

The  AOpen  miniPC  is  an 
example  of  the  “slow  PC" 
movement  that  says  PCs 
should  be  elegant,  simple  to 
use  and  refined.  Page  44. 
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46  On  Technology:  Turning  back  the 
clock  10  years. 

47  Joel  Snyder:  Sourcefire  may 
resurrect  Check  Point. 
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66  Net  Buzz:  Serious  companies 
getting  serious  about  blogging. 


Clear  Choice  Test: 

Thunderstone  Software’s  Thunderstone  Search  Appliance 

proves  to  be  a  fast  and  flexible  search  platform  at  an  affordable 

price.  Pago  54. 
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Forum:  The  network  world  10 
years  ago 

NetworkWorld.com  turns  10  this 
week,  and  columnist  Chuck  Yoke 
looks  back  at  what  his  network  world 
was  like  in  1995.  Read  his  reminis¬ 
cences,  then  head  into  our  forum  to 
add  your  own.  DocFinder:  9344 

Reconsidering  the  shifting  past 

IT  Borderlands'  Ken  Fasimpaur  also 
looks  back  on  his  past  10  years  in 
networking:  "None  of  us . , .  really 
knew  what  was  going  on  around  us 
technologically  and  socially  speak¬ 
ing.  . . .  We’re  making  this  same  mis¬ 
take  in  our  present  endeavors,  and 
not  paying  enough  attention  to  what 
radical  changes  might  be  to  come." 

DocFnder:  9536 

Online  help  and  advice 

Cool  Tools  Daily  Dose 

Columnist  Keith  Shaw  gets  you  the 
info  on  one  power  pack  for  all 
your  mobile  devices,  how  to  make 
your  USB  drive  tougher,  putting 
your  PC  on  a  stick  and  more. 

DocFinder:  9540 

The  Bleeding  Edge 

Analysts  Daniel  Briere  and  Patrick 
Hurley  examine  what  embedded 
EV-DO  on  IBM  ThinkPads  means 
for  the  nascent  technology. 

DocFinder:  9541 

Seminars  and  events 

Road  map  '06:  What's  New,  What's  Next  and  What  to  Buy  Now 

Which  innovations  will  have  the  biggest  effect  on  your  network  in  2006? 

Be  among  the  first  to  test  new  solutions  in  application  acceleration,  network 
management,  VoIP,  wireless  and  mobility,  security,  storage  and  network 
identity.  Qualify  to  attend  free  —  and  for  the  opportunity  to  win  a  42-inch 
plasma  TV  when  you  attend.  DocFinder:  9544 


BREAKING  NEWS 

Go  online  for  breaking  news  every  day.  DocFinder  1001 


How  to  survive  in  IT 

Columnist  Mark  Gibbs  offers 
advice,  and  readers  react.  Read 
Gibbs’  thoughts,  then  add  your 
own.  DocFinder:  9537 

Anti-spam  Buyer's  Guide 

Our  continuously  updated  guide 
details  dozens  of  products  and  lets 
you  slice  and  dice  product  information 
in  several  ways. 

DocFinder:  9538 

The  New  Data  Center:  Spotlight 
on  outsourcing 

Get  the  lowdown  on  your  outsourc¬ 
ing  options,  including  technology, 
rationale  and  case  studies. 

DocFinder:  9539 


Home  LAN  Adventures 

Keith  Shaw  looks  at  two  more 
ways  to  turn  your  PC  into  a 
media  center  without  buying  a 
Windows  Media  Center  PC. 

DocFinder:  9542 

Small  Business  Tech 

Columnist  James  Gaskin  says 
early  products  show  promise  when 
used  intelligently. 

DocFinder:  9543 


Management  Strategies 

57  How  to  deal  wRh  dBContmued 
gear  A  vendor  pulling  the  plug  on 
key  equipment  affords  you  ample 
upgrade  opportunities. 
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NEWSbits 


Ruling  puts  BlackBerry  service  at  risk 

HThe  Supreme  Court  last  week  denied  an  emergency  appeal  by  Research 
in  Motion,  maker  of  the  BlackBerry  to  halt  legal  proceedings  in  a  patent- 
infringement  case  that  could  cut  off  sales  of  the  device  and  shut  down  the 
BlackBerry  e-mail  service.The  decision  by  Chief  Justice  John  Roberts  mim¬ 
ics  a  similar  rejection  by  a  U.S.  District  Court  two  weeks  ago.  RIM  could 
avoid  a  shutdown  if  it  wins  the  case,  or  if  it  agrees  to  license  a  patent  that 
intellectual-property  holding  company  NTP  owns.  RIM  says  it  has  a  back¬ 
up  plan  should  it  fail  to  win  the  case,  making  it  unlikely  BlackBerry  users 
will  lose  their  service.  RIM  says  there  are  2.5  million  BlackBerry  users. 


MICHAEL  SLOAN 


U.S.  to  add  RFID  chips  to  passports 

■  The  U.S.  government  will  require  nearly  all  of  the 
passports  it  issues  to  have  a  computer  chip  contain¬ 
ing  the  passport  holder’s  personal  information  by 
October  2006,  according  to  regulations  published  last 
week.  Starting  in  early  2006,  the  State  Department  will 
begin  issuing  passports  with  64K-byte  RFID  chips 
containing  the  name,  nationality  gender,  date  of  birth, 
place  of  birth  and  digitized  photograph  of  the  pass¬ 
port  holder.  The  chip  would  match  the  data  on  the 
paper  portion  of  the  passport  and  improve  security 
by  making  it  more  difficult  for  criminals  to  tamper 
with  passports,  backers  say  After  the  State 
Department  proposed  RFID  chips  for  passports  in 
February  privacy  groups,  such  as  the  American  Civil 
Liberties  Union  and  the  Electronic  Frontier  Foun¬ 
dation,  expressed  concerns.  Some  RFID  chips  can  be 
remotely  scanned,  allowing  for  criminals  to  covertly 
scan  groups  of  passport  holders  at  airports,  the  EFF 
said  in  April.  The  State  Department  says  it  is  taking 
security  precautions. 

Microsoft  urges  Exchange  upgrade 

■  Microsoft  will  be  retiring  Exchange  Server  5.5  and 
support  for  the  product  by  year-end  and  is  recom¬ 
mending  users  upgrade  to  the  latest  version,  the  com¬ 
pany  said  last  week.  Microsoft  is  urging  customers 
who  are  still  running  Exchange  5.5  to  upgrade  to 
Exchange  Server  2003,  a  more  secure  version  of  the 
company’s  messaging  and  collaboration  server  prod¬ 
uct.  According  to  Microsoft,  the  number  of  Exchange 
Server  5.5  users  dropped  by  about  40%  over  the  past 
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“This  decision  is  a  powerful 
endorsement  of  the  enduring 
strength  of  the  AT&T  brand, 
which  is  far  and  away  the  most 
recognized  communications 
brand  in  the  U.S.  and  around 
the  globe.” 

AT&T  CEO  David  Dorman  on  SBC’s  decision  to  keep  the  name 
AT&T  once  the  companies  are  officially  merged. 

year,  evidence  that  customers  have  been  upgrading 
in  anticipation  of  the  product  phase-out.  Microsoft 
also  reminded  customers  that  Exchange  Server  2000 
will  move  out  of  mainstream  support  into  extended 
support  at  the  end  of  this  year.  Mainstream  support 
includes  free  incident  support,  security  updates  and 
non-security  hot  fixes.  Once  Exchange  Server  2000 
moves  into  extended  support,  customers  will  have  to 
pay  for  support  and  non-security-related  hot  fixes, 
according  to  Microsoft. 

Web  services  standard  advances 

■  The  Organization  for  the  Advancement  of 
Structured  Information  Standards  last  week  formed  a 
technical  committee  to  develop  Web  Services  Secure 


“The  help  desk  tries  to  do  a 
clean  install  of  a  Microsoft 
operating  system.  .  . .  ” 


Gregory  Mamayek  of  Reisterstown,  Md.,  is  the  winner  of  our  latest  Weekly  Caption 
Contest.  Check  out  our  excellent  runners-up  and  head  back  every  Monday  for  the 
start  of  the  next  round,  www.networkworld.com/weblogs/layer8 


TheGoodTheBadTheUgly 

<  Play  it  safe.  The  holiday  season  is 
upon  us.  Yes,  before  you  know  it,  it  will  be 
Computer  Security  Day  on  Nov.  30.  That's  the  day 
organizations  around  the  world  are  encouraged  to 
remind  people  to  protect  their  networks  and  com¬ 
puters.  For  more  information,  including  free  mate¬ 
rials,  visit  www.computersecurityday.org. 

Rocking  the  electronic  vote. 

Questions  about  the  security  and  accuracy  of 
electronic  voting  systems  are  likely  to  continue 
into  the  2006  national  elections,  because  the  U.S, 
government  has  not  yet  completed  work  on  elec¬ 
tronic  voting  guidelines,  according  to  a  new  gov¬ 
ernment  report.  With  lingering  concerns  about  the 
security  of  e-voting  systems,  the  Election  Assistance  Commission 
needs  to  define  security  policies  and  set  up  a  machine-certification 
program  to  help  state  and  local  election  officials  use  e-voting  equip¬ 
ment,  said  the  report,  issued  by  the  Government  Accountability  Office. 

Sawis  scores  publicity  nightmare?  Service 

provider  Sawis  and  its  CEO  Robert  McCormick  are  being  sued  by 
American  Express  for  what  the  financial  firm  says  amounts  to 
8241,000  in  unpaid  bills  resulting  from  a  night  at  Manhattan's  Scores 
topless  club  two  years  ago.  Sawis  counsel  has  countered  that 
McCormick  was  the  victim  of  fraud  at  Scores,  which  has  been  accused 
by  others  of  overcharging.  Sawis  has  put  McCormick  on  unpaid  leave 
while  it  investigates  the  matter. 

Exchange,  a  proposed  standard  to  enable  the  trusted 
exchange  of  multiple  Simple  Object  Access  Protocol 
messages.The  committee  will  work  with  a  set  of  spec¬ 
ifications  based  on  WS-SecureConversation,  WS- 
SecurityFblicy  and  WS-Trust.  OASIS  says  the  specifica¬ 
tions  provide  customers  with  the  ability  to  establish 
trust  relationships  that  span  long-running  exchanges 
and  provide  interoperability  for  real-world  scenarios. 
Committee  members  include  Actional,  Adobe,  BMC 
Software,  BEA  Systems,  Computer  Associates,  HR  IBM, 
Iona,  Microsoft,  Oracle,  SARTibco,  VeriSign  and  web- 
Methods. 

Level  3,  Cogent  settle  dispute 

■  Level  3  Communications  and  Cogent  Communi¬ 
cations  have  resolved  their  differences  and  will  con¬ 
tinue  to  exchange  Internet  traffic  under  a  new  peer¬ 
ing  agreement  announced  last  Friday.  As  a  result  of 
the  new  agreement,  Level  3  will  not  disconnect  its 
backbone  from  Cogent’s  access  network  on  Nov.  9,  as 
previously  announced.The  spat  between  Level  3  and 
Cogent  began  Oct.  5,  when  Level  3  discontinued  its 
peering  relationship  with  Cogent.  This  resulted  in 
some  blocked  Internet  traffic  for  customers  of  the 
two  companies.  Level  3  re-established  its  connection 
with  Cogent  on  Oct.  7,  but  warned  its  customers  that 
it  would  shut  down  its  connection  with  Cogent  again 
on  Nov.  9  unless  Cogent  agreed  to  a  new  peering  con¬ 
tract.  Peering  is  a  contractual  relationship  between 
ISPs  that  allows  them  to  exchange  Internet  traffic 
over  each  other’s  networks. 


View  the  latest  Websense  Security  Labs  webcast: 

"Six  Degrees  of  Spyware" 
www.  websensesecuritylabs.  com/webcast 


It's  no  surprise;  employees  are 
often  unaware  of  the  threats  that  put 
the  security  of  their  laptops — and  your 
network — at  risk  every  day. 


Websense  Remote  Filtering  extends  your 
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Vortex:  IT  issues  take  center  stage 


The  survey  says . . . 


Vortex  attendees  were  asked  to  weigh  in  on  outsourcing,  voice  communications  and  more. 


By  2010,  outsourcing  to  India,  China 
and  other  nations  will  cost  significantly 
more,  and  a  growing  number  of 


Uncertain 

12% 


Not  likely 

34% 


By  2010,  voice 
essentially  be  free. 

Uncertain  — i 

7% 


By  2010,  terrorists  will  have 
launched  an  attack  that  cripples  the 
Internet  for  weeks. 


Uncertain 

17% 


Likely 

39% 


For  more,  see  www.networkworld.com.  DocFinder:  9552 


BY  NEAL  WEINBERG 

SAN  FRANCISCO  —  IT  does 
matter  —  and  it  matters  in  a  big 
way 

That  was  one  of  the  main 
themes  that  emerged  from  Vortex 
2005,  a  two-day  smorgasbord  that 
included  a  spirited  CIO  debate 
on  utility  computing,  provocative 
presentations  by  industry  thought 
leaders  and  insightful  discussions 
on  the  future  of  IT  from  the  per¬ 
spective  of  investors,  vendors, 
observers  and  practitioners.  And 
all  without  PowerPoint. 

Nicholas  Carr  wasn’t  in  the  con¬ 
ference  room  at  the  Palace  Hotel, 
but  his  presence  was  felt  never¬ 
theless.  Author  Geoffrey  Moore, 
co-executive  producer  of  Vortex, 
opened  the  show  by  rebutting 
Carr’s  assertion  that  IT  doesn’t 
matter.  Moore  said  IT  can  play  a 
vital  role  in  the  success  of  any 
business  by  helping  the  company 
reestablish  differentiation. 

The  key  is  to  automate  or  out¬ 
source  IT  functions  that  aren’t 
core  to  the  business  in  order  to 
free  up  IT  talent  to  innovate  in 
areas  where  the  company  can 
gain  a  competitive  advantage, 
Moore  said. 

For  example,  David  Watson,  CTO 
at  Kaiser  Permanente,  said  one  of 
his  goals  is  to  use  data  mining  to 
give  Kaiser  an  edge  when  it 
comes  to  patient  care.  Another 
big  IT  group,  Fidelity  Investments, 
is  using  technology  to  move  more 


financial  tools  and  services  to  the 
Web,  and  to  improve  customer 
satisfaction  when  it  comes  to 
voice  calls. 

Ed  Kamins,  CIO  of  Avnet,  said 
his  philosophy  is  to  figure  out 
what’s  important  to  the  business 
and  then  determine  a  way  to  do  it 
better.  He  revamped  the  compa¬ 
ny’s  request-for-quotes  system 
and  has  launched  an  effort  to 
offer  IT  services  for  a  fee  to  cer¬ 
tain  customers. 

One  of  the  highlights  of  Vortex 
was  a  dinner  discussion  sparked 
by  a  survey  of  how  Vortex  atten¬ 
dees  see  the  future. 

For  example,  63%  of  respon¬ 
dents  said  it’s  very  likely  that  ser- 
vices-oriented  architectures  will 
be  the  dominant  computing 
model  by  2015,  but  only  35% 
thought  that  outsourced  utility 
computing  will  be  the  dominant 
model  by  then. 

On  other  topics,  78%  said  it’s 
very  likely  that  U.S.  homes  will 
have  access  to  20M  bit/sec  broad¬ 
band  by  2015,  while  only  15% 
believe  it’s  likely  that  vendors  will 
solve  our  security  problems  by 
2010. 

Google  was  a  major  topic  of 
conversation.  Industry  veteran 
Mitchell  Kertzman,  now  a  partner 
at  Hummer  Winblad  Venture 
Partners,  pointed  out  that  the 
smartest  young  people  are  now 
flocking  to  Google  the  way  they 
used  to  flock  to  Microsoft.  But  the 


consensus  among  attendees  at 
Vortex  was  that  Google  will  re¬ 
main  primarily  a  consumer-ori¬ 
ented  business  and  will  not  try  to 
challenge  Microsoft  in  the  enter¬ 
prise.  Still,  18%  of  survey  respon¬ 
dents  thought  Google  would  own 
the  desktop  by  2010. 

Utility  computing  is  another 
area  that  provoked  quite  a  bit  of 
discussion,  especially  in  the  light 
of  Carr’s  latest  argument  that  util¬ 
ity  computing  —  computing  pro¬ 
vided  by  a  service  provider  — 
means  the  end  of  the  corporate 
IT  department.  In  a  debate  for¬ 
mat,  Ryan  Granard,  CIO  at 
Dolphin  Search,  took  the  pro-util¬ 


ity  computing  side,  while  Hasbro 
CIO  Douglas  Schwinn  argued 
against  it. 

Schwinn  disagreed  with  Carr’s 
premise  that  IT  doesn’t  matter.  He 
said  IT  matters  because  it  is  inher¬ 
ently  strategic;  it  creates  business 
opportunities.  He  said  outsourc¬ 
ing  the  entire  computing  function 
is  a  bad  idea,  because  it  goes 
against  the  notion  of  IT  and  the 
business  working  together  to 
improve  business  processes. 

Schwinn  added  that  two  pieces 
of  the  utility  computing  puzzle 

—  virtualization  and  billing  tools 

—  are  still  immature.“In  the  near 
term  I  don’t  see  it  happening.  It’s 
critical  that  we  don’t  let  our 
heartbeat  run  somewhere  else,” 
Schwinn  said.  As  an  alternative, 
he  said  data  center  consolida¬ 
tion  and  standardization  are  two 
steps  that  can  provide  significant 
benefits,  without  the  risk  of  out¬ 
sourcing. 

Granard  said  treating  IT  re¬ 
sources  as  a  utility  that  can  be 
measured,  priced  and  billed  to 
customers  on  a  usage  basis  is  al¬ 
ready  happening  in  his  company 
By  using  a  commodity  infrastruc¬ 
ture,  by  using  VMware  for  provi¬ 
sioning  and  tools  to  help  with 
policy-based  decision  making,  he 
can  reprovision  on  the  fly  based 
on  business  needs.  The  advan¬ 
tages  are  cost  savings  and  faster 
implementations. 

Granard  added  that  utility  com¬ 
puting,  whether  in-house  or  out¬ 
sourced,  does  not  mean  the  end 
of  the  IT  department.  It  means  IT 
staffers  can  move  from  mainte¬ 


nance  jobs  to  more  creative  and 
business-focused  roles. 

Software  as  a  service  is  another 
trend  that  seems  to  be  gaining 
traction,  according  to  attendees. 
Ray  Ozzie,  formerly  of  Lotus  and 
Groove  Networks,  said  his  role  as 
one  of  three  CTOs  at  Microsoft  is 
to  push  the  services  model  at  his 
new  employer. 

Other  thoughts  and  predictions 
from  Vortex:  Open  source  will 
continue  to  spread  across  the 
enterprise  computing  scene,  but 
not  to  the  desktop  because  of  the 
huge  cost  associated  with  getting 
off  the  Windows  platform. 

The  desktop  of  the  future  will 
not  be  limited  to  a  single  15-inch 
monitor.  It  might  look  like  a  wall- 
mounted  flat-screen  TV  with  mul¬ 
tiple  channels,  or  it  might  be 
another  device  entirely  such  as  a 
souped-up  cell  phone. 

Commoditization  of  computer 
hardware  and  software  will  con¬ 
tinue.  In  fact,  49%  of  respondents 
said  it’s  likely  that  by  2015  the 
computer,  network  and  storage 
markets  will  be  dominated  by 
foreign  manufacturers  of  low- 
cost  commodity  products.  ■ 


nww.com 

Gallant  view 

Network  World's  Editorial  Director  John 
Gallant  brings  you  insights  and  opinions 
on  the  key  issues  shaping  enterprise  li 
in  the  Vortex  Blog. 

DocFinder:  9553 


Bring  on  the  wireless  apps, 
users  tell  WiMAX  World 


BY  JOHN  COX 

BOSTON  —  Users  had  a  clear  focus  at  last  week’s 
WiMAX  World  conference:  They  wanted  to  know 
more  about  cost-effective,  reliable,  licensed  wire¬ 
less  broadband  for  applications  such  as  backhaul, 
access  to  wireline  network  services  and  data  back¬ 
up/recovery. 

The  conference  is  one  of  the  main  events  for  the 
WiMAX  community  a  constellation  of  chip  ven¬ 
dors,  radio  and  equipment  builders,  billing  and 
management  software  vendors,  systems  integra¬ 
tors,  carriers  and  service  providers  all  trying  to  ex¬ 
ploit  the  IEEE  802.16  standards  for  wireless  broad¬ 
band. This  year’s  show  signed  up  about  3,000  atten¬ 
dees,  compared  with  just  750  last  year,  and  150 
sponsors  and  exhibitors. 

There  was  a  clear  divide  between  corporate  users 


focused  on  practical  concerns  and  some  vendors, 
such  as  Motorola,  which  sketched  visionary  scenar¬ 
ios  of  mobile,  “personal  broadband”  services  and 
devices.  Those  vendors  are  focusing  on  one  branch 
of  WiMAX  —  802.16e,the  developing  IEEE  standard 
for  mobile  wireless  broadband,  some  of  it  delivered 
over  unlicensed  frequencies. 

But  the  most  likely  corporate  services  to  exploit 
WiMAX  first  will  be  based  on  licensed  spectrum  and 
the  fixed  WiMAX  standard:  802.16-2004,  formerly 
known  as  16d.  Each  base  station  can  deliver  up  to 
75M  bit/sec,  over  a  typical  range  of  up  to  5  miles. 

“The  two  standards  are  not  the  same,  and  they  ad¬ 
dress  very  different  markets,”  says  Craig  Mathias,  prin¬ 
cipal  at  Farpoint  Group,  a  consultancy  specializing  in 
wireless  networking.“We  see  WiMAX  dominating  for 

See  Wireless,  page  15 
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Microsoft’s  future  in  Bl  market  unclear 


Business  intelligence 

Microsoft  last  week  brought  its  forthcoming  Office  12  into  its 
plans  to  provide  business  intelligence  software.  This  week, 
Microsoft  will  ship  Business  Scorecard  Manager  2005  and  the 
following  week  SQL  Server  2005,  which  includes  a  number  of 
business  intelligence  features. 


Products 

Description 

Availability 

Microsoft  Business 
Scorecard  Manager  2005 

Server-based  scorecard  application  lets 
users  track  performance  against  goals. 

Nov.  1 

SQL  Server  2005 

New  development  and  management  tools 
focused  on  business  intelligence. 

Nov.  7 

Office  12  Excel 

Microsoft's  front  end  for  business 
intelligence.  Includes  support  for  SQL 
Server  2005  Analysis  Services. 

Second  half 
of  2006 

j 

Office  12  SharePoint 
products 

Supports  business  intelligence  portals 
with  links  to  real-time  data. 

Second  half 
of  2006 

BY  JOHN  FONTANA 

Microsoft  last  week  broadened 
its  plans  to  intelligently  gather  and 
analyze  business  data  by  linking 
its  Office  applications  and  back¬ 
end  servers  while  emphasizing 
future  developments.  But  ob¬ 
servers  are  split  on  just  how  signif¬ 
icant  that  future  might  be. 

In  the  next  two  weeks,  Microsoft 
plans  to  release  not  only  the  long- 
awaited  SQL  Server  2005,  with  its 
business-intelligence  enhance¬ 
ments,  but  also  Microsoft  Business 
Scorecard  Manager  2005,  which 
was  announced  last  week. 

In  addition,  the  company  said 
that  Office  12  components  due  to 
ship  by  the  end  of  2006,  specifi¬ 
cally  Excel  and  ShareFbint,  would 
figure  prominently  in  the  busi¬ 
ness-intelligence  push. 

Microsoft  is  trying  to  create  a 
bundle  of  business-intelligence 
software  that  lets  users  gather, 
store  and  analyze  data  for  tasks 


such  as  decision  support,  query 
and  reporting,  online  analytical 
processing,  statistical  analysis, 
forecasting  and  data  mining. 

Observers  say  Microsoft  is  trying 
to  establish  the  business-intelli¬ 
gence  interface  as  part  of  its  mul¬ 
tiple  integration  projects  around 
Office,  its  dominance  on  the  cor¬ 
porate  desktop  and  its  wish  to 
ignite  Office  upgrades. 

“Microsoft  has  been  acting  on 
the  realization  that  Office  is  a 
ubiquitous  tool  in  the  enterprise,” 
says  Joshua  Greenbaum,  a  princi¬ 
pal  with  Enterprise  Applications 
Consulting. 

That  assessment  is  supported 
by  moves  to  make  Office  the  front 
end  for  real-time  communication 
and  Microsoft  Dynamics  business 
applications,  and  by  business- 
intelligence  partner  deals,  such  as 
one  linking  SAP’s  back-end  pro¬ 
cesses  with  Office. 

“This  is  a  way  for  them  to  lever¬ 


age  what  they  are  good  at,  which 
is  the  interface  and  the  Office  en¬ 
vironment,  and  still  be  able 
to  say  they  are  a  player  in  the  en¬ 
terprise  software  market,”  Green¬ 
baum  says. 


But  Microsoft  and  market  lead¬ 
ers  such  as  Business  Objects  and 
Cognos  are  missing  a  fundamen¬ 
tal  issue,  he  adds. 

“The  world  does  not  need  more 
[business-intelligence]  tools,  it 


needs  [business-intelligence] 
solutions.  Companies  need  to  be 
told  where  to  go,  what  to  look  for 
and  what  to  do  with  the  results.” 

A  study  by  Gartner  earlier  this 
year  concluded  that  the  biggest 
barrier  to  business-intelligence 
deployment  is  a  lack  of  user  skills 
and  knowledge  of  best  practices. 

Others  agree  with  that  assess¬ 
ment,  including  Jeff  Raikes,  the 
president  of  Microsoft’s  Business 
Division,  who  said  that  Microsoft 
sees  an  opportunity  because 
“users  see  [business  intelligence] 
as  inconvenient,  expensive  and 
hard  to  use.” 

The  company  has  been  mold¬ 
ing  SQL  Server  into  a  business- 
intelligence  platform  since  the 
mid-1990s,  experts  say  adding  ser¬ 
vices  for  integration,  analysis  and 
reporting. 

“With  Microsoft,  [business  intel¬ 
ligence]  begins  with  SQL  Server]’ 

See  Microsoft,  page  14 
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Trend  Micro,  eSoft  tout 
anti-spyware  products 


BY  ELLEN  MESSMER 

This  week  Trend  Micro  and  eSoft  plan  to  unveil 
products  aimed  at  helping  customers  combat  spy- 
ware.  Trend  Micro’s  focus  will  be  on  desktops  and 
servers,  while  eSoft’s  will  be  on  appliance-based 
gateway  filtering  of  spyware. 

Trend  Micro’s  Anti-Spyware  Enterprise  Edition 
provides  protection  for  organizations  with  at  least 
500  users.  The  company  which  acquired  anti-spy- 
ware  vendor  InterMute  in  the  spring,  has  extended 
the  consumer-based  software  to  protect  Windows- 
based  clients  and  servers. 

Anti-Spyware  Enterprise  Edition  retains  the  search 
and  eradication  methods  InterMute  developed  to 
wipe  out  the  hard-to-find  CoolWebSearch  spyware, 
which  has  about  50  variants  today  that  can  hijack 
Web  browsers. 

The  software,  which  costs  $11.55  per  user,  is  man¬ 
aged  via  Trend  Micro’s  Control  Manager  console, 
which  discovers  client  machines  and  pushes  agents 
to  desktops.  It  is  designed  to  run  desktop  scans 
against  many  types  of  spyware  without  hogging 
computing  resources,  says  Bob  Hansmann,  senior 
product  manager. 

“It’s  called  trickle-scan,  and  it’s  a  process  to 
scan  periodically  when  computing  resources  are 
available  so  there’s  no  performance  problem 
with  applications,”  he  says.  Before  acquiring 
InterMute,  Trend  Micro  added  its  own  anti-spy- 
ware  filtering  to  its  InterScan  content-filtering 


gateway  and  its  OfficeScan  anti-virus,  anti-spam 
product  line. 

Separately  eSoft  announced  it  has  added  anti-spy- 
ware  protection  to  its  InstaGate  firewall/VPN  line  for 
small-to-midsize  business  customers.  The  InstaGate 
line  also  provides  anti-spam,  anti-virus  and  Web 
access  controls  through  additional  modules. 

The  anti-spyware  engine  that  InstaGate  uses  is 
adapted  from  technology  provided  by  partner  Aluria 
that  will  provide  spyware-protection  updates  on  a 
regular  basis,  says  Scott  Lukes,  vice  president  of  mar¬ 
keting. 

Tim  Taylor,  IT  manager  at  Golden,  Colo.-based  Good 
Times  Restaurant,  says  he’s  beta-testing  the  anti-spy- 
ware  protection  in  the  InstaGate  appliance  for 
Internet-based  content  filtering  deployed  at  the 
restaurant  chain’s  headquarters. 

Spyware  appears  to  be  the  source  of  many  prob¬ 
lems  with  the  office’s  desktop  computers, Taylor  says. 
“It  gets  hold  of  the  computer,  and  pulls  up  pornogra¬ 
phy  and  gambling  Web  sites,”  he  says.“It  makes  the  PC 
have  a  hard  time  functioning.” 

InstaGate  has  done  a  good  job  blocking  spyware 
through  gateway-based  filtering,  though  he  adds, “It’s 
definitely  impossible  to  eliminate  all  of  it.” 

Taylor  says  he  prefers  gateway-based  filtering 
because  it’s  much  easier  to  manage  than  distributing 
anti-spyware  at  the  desktop. 

The  anti-spyware  protection  starts  at  $99  and  is 
scheduled  to  be  available  next  month.  ■ 


Botnets  turning  into  spyware  enemy  No.  1 


The  security  industry  has  had  a  hard  time 
defining  spyware,  much  less  eliminating  it. 
But  according  to  many,  there's  one  type  of 
spyware  that’s  among  the  most  dangerous:  the 
botnet. 

The  Anti-Spyware  Coalition,  the  industry  group 
striving  to  come  up  with  types  and  risk  models 
for  spyware,  defines  a  botnet  as  remote-control 
software  covertly  installed  on  computers  that  can 
be  exploited  to  turn  the  machines  into  mass  mail¬ 
ers  or  become  part  of  a  denial-of-service  attack. 

Organized  into  botnet  armies  controlled  through 
an  unknown  source,  these  networks  of  compro¬ 
mised  computers  are  widely  believed  to  be  avail¬ 
able  for  a  growing  range  of  criminal  purposes, 
including  extortion. 

According  to  Symantec's  most  recent  Internet 
Security  Threat  Report,  which  compiles  security- 
related  data  on  a  semiannual  basis  from  24,000 
sensors  around  the  world,  there  were  10,352 
active  bot  networks  active  each  day  in  the  first 
half  of  the  year,  an  increase  of  more  than  140% 
from  the  previous  count  of  4,348. 

Security  outfits  —  and  telecom  firms  that  find 
botnet  traffic  riding  their  pipes  —  see  botnets 
quickly  rising  to  the  position  of  public  enemy  No.1. 


“Every  single  virus,  Trojan  or  worm  is  dropping  a 
bot,”  says  David  Perry,  global  director  of  educa¬ 
tion  at  Trend  Micro,  which  this  week  issued  a  new 
anti-spyware  product  (see  story,  above). 

Perry  says  he's  known  of  a  single  botnet  in  con¬ 
trol  of  600,000  compromised  machines.  Botnets 
have  been  used  as  spam  relays,  and  have  been 
the  source  for  distributed  denial-of-service 
attacks  since  at  least  five  years  ago,  when  15- 
year-old  Maf  iaboy  managed  to  cripple  the  Web 
sites  of  Amazon.com,  CNN,  E-Trade  and  others 
by  flooding  them  with  unwanted  traffic. 

Today,  botnets  appear  to  be  used  to  pump  up 
numbers  of  visits  to  Web  sites  through  compro¬ 
mised  desktops,  Perry  adds. 

Arbor  Networks  six  months  ago  helped  organize 
the  Fingerprint  Sharing  Alliance  so  network 
providers  could  swap  information  about  Internet 
attacks.  "Botnets  are  probably  the  No.  1  reason 
that  providers  are  working  together  in  forums 
[such  as  this],”  says  Paul  Morville,  Arbor’s  direc¬ 
tor  of  product  management,  "In  2005,  denial  of 
service  means  botnets  —  tens  of  thousands  of 
compromised  hosts  —  flooding  the  network  infra¬ 
structure  itself,” 

—  Ellen  Messmer 


Users  assess  plans 

for  data  protection, 
disaster  recovery 

BY  DENI  CONNOR 

ORLANDO  —  Amid  the  devastation  of  Hurricane  Wilma  last  week, 
IT  professionals  appraised  their  disaster-recovery  and  data-protection 
plans  and  said  their  strategies  are  in  flux,  regular  testing  is  necessary 
and  funding  is  still  hard  to  get. 

At  the  Storage  Networking  World  conference  last  week  —  attended 
by  more  than  2,000  IT  professionals  —  a  panel  of  users  said  that 
although  disaster  recovery  and  data  protection  head  their  lists  of  IT 
priorities,  funding  is  often  elusive,  and  many  of  their  strategies  are  in 
transition  as  their  storage  and  application  infrastructure  changes. 

Funding  a  disaster-recovery  scheme  is  difficult,  said  Hal  Weiss,  sys¬ 
tems  engineer  for  Baptist  Memorial  Health  Care  in  Memphis. 

“One  of  the  major  issues  of  a  hospital  organization  is  that  we  are 
constrained  by  the  amount  of  money  we  get  because  we  depend  on 
Medicare  and  Medicaid  to  reimburse  us,”  he  said. 

Weiss  said  his  disaster-recovery  plan  is  limited,  because  he  is  not 
involved  in  determining  which  applications  the  organization  pur¬ 
chases. 

“1  can’t  pick  the  applications  the  organization  uses,  because  they  are 
controlled  by  the  clinicians,”  Weiss  said.  “Sometimes  an  application 
doesn’t  lend  itself  to  a  disaster-recovery  strategy’ 

Weiss  has  a  138T-byte  storage-area  network  (SAN)  and  is  experienc¬ 
ing  a  300%  annual  increase  in  data  that  needs  to  be  protected.  For 
backing  up  the  data  on  his  SAN  and  disaster  recovery  he  uses 
Revivio’s  CPS  1200  continuous  data  protection  array  and  Copan’s 
Revolution  200T  array 

Money  for  disaster  recovery  is  often  denied  because  businesses 
don’t  understand  its  necessity. 

“Recovery  has  always  been  kind  of  a  ‘Johnny  One  Note’  business 
process,”  said  John  Toigo,  moderator  of  the  panel  and  senior  analyst 
for  Toigo  Partners  in  Dunedin,  Fla.  Management  “sees  it  as  spending 
money  on  a  set  of  procedures  that  don’t  yield  any  tangible  benefits  to 
the  company’ he  said. 

John  Gideon,  business  continuity  manager  for  Rent-a-Center  in 
Plano, Texas,  has  received  funding  for  disaster  recovery  and  has  creat¬ 
ed  an  out-of-state  hot  site  for  his  business-critical  and  financial  appli- 

See  Disaster,  page  12 


Storage  bonanza 

A  sampling  of  products  introduced  at  Storage  Networking 
World  last  week. 


Product 

Function 

Price 

Cisco  MDS  9020 

20-port  Fibre  Channel  switch 

$400  per  port 

Promise  Technology  VTrakJ- 
Glass  SAS  system 

Serial  Advanced  Technology 
Attachments  and  Serial 
Attached  SCSI  array 

Starts  at  $2,900 

Lfifthand  Networks  Network 
Storage  Module  160  and  260 

iSCSI  SAN  arrays  with  IT  to 
6T  bytes  of  storage 

$20,000,  $32,000 

HorthSeas  Gal  E/M 

E-mail  archiving  appliance 

$20,000 

Sepaten  S2100-ES2  Series  409 

Virtual  tape  library  appliance 
with  more  than  IP  byte  of 
capacity 

Starts  at  $45,000 

WyrsDM  for  Backups  3  and 
WysDM  four  Fileservers  3 

Back-up  reporting  and 
predicitive  analysis  software 

Starts  at  $15,000 

EMC  RecoverPoint 

Continous  data  protection 
software 

$75,000 

Oracle  Fusion  Middleware 
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So  Standard,  It's  Hot-Pluggable 
With  Your  Existing  Software 


J2EE — Enterprise  Portal  —  Identity  Management  —  Integration  —  Data  Hub  —  Business  Intelligence 


oracle.com/middleware 
or  call  1.800.0RACLE1 


Copyright  ©  2005,  Oracle.  All  rights  reserved.  Oracle,  JD  Edwards  and  PeopleSoft  are  registered  trademarks  of  Oracle  Corporation  and/or  its  affiliates.  Other  names  may  be  trademarks  of  their  respective  owners. 
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Outer  space 

continued  from  page  1 

“We  needed  to  . . .  put  a  stake  in 
the  ground  and  have  something 
to  talk  about  from  a  technology 
perspective,” says  Rick  Sanford, 
director  of  Cisco’s  Global  Space 
Initiatives  group. 

Routers  in  space  hold  promise 
for  future  satellite-based  broad¬ 
band,  which  could  make  wide- 
area  data  network  services  ubiq¬ 
uitous  and  more  robust  than  cur¬ 
rent  satellite-based  data  services, 
Sanford  says. The  use  of  commer¬ 
cial  off-the-shelf  (COTS)  comput¬ 
ing  and  network  technology  also 
is  of  interest  to  the  government 
and  aerospace  industry 

“NASA  and  the  Department  of 
Defense  are  currently  involved  in 
defining  the  next-generation  net¬ 
work  architecture  for  space.  This 
new  architecture  will  utilize 
Internet  Protocols  to  ensure  inter¬ 
operability  between  terrestrial 
(land,  sea  and  air)  and  satellites,” 
wrote  Phillip  Paulsen, space 
Internet  technology  project  man¬ 
ager  for  NAS  As  Glenn  Research 
Center,  in  a  report. The  center,  in 
Cleveland,  has  been  involved  in 
the  development  of  Internet  tech¬ 
nologies  for  space  applications 
since  the  mid-1990s. 

“The  current  development 
activities  are  all  cooperative  in 
nature  and  utilize  . . .  commer- 
cial-off-the-shelf  network  equip¬ 
ment  that  has  been  designed  to 
open  standards,  helping  to  re¬ 
duce  costs  and  ensure  compati¬ 
bility  with  future  commercial  sys¬ 
tems,”  Paulsen  wrote. 

CLEO  is  born 

Working  with  Surrey  Satellite 
Technology  Cisco  made  CLEO 
available  for  launch  in  2003  as 
piggyback  cargo  on  the  U.K. 
Disaster  Monitoring  Consortium 
satellite,  part  of  a  satellite  net¬ 
work  used  to  photograph  hurri¬ 
canes,  wildfires  and  earthquakes 
from  space. 

Last  year,  CLEO  was  put  to  its 
big  test,  executed  by  the  Air 
Force,  Army  and  NASAs  Glenn 
Research  Center  at  Vandenberg 
Air  Force  Base  in  California.  In 
this  test,  military  personnel  sitting 
in  a  jeep  used  a  laptop  running 
special  General  Dynamics  soft¬ 
ware  to  make  IP-based  contact 
with  CLEO.  From  this  Virtual 
Mission  Operations  Center,  laptop 
operators  were  able  to  download 
images  from  the  satellite  and 
send  command-and-control  sig¬ 


Routers  in  space 

How  IP  routers  could  make  satellite  communications  smarter: 

Current  satellite  communications  can  only  go  up  or  down,  and  rely  on  land-based  links  to  connect  satellites. 
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Satellites  with  routers  could  talk  to  other  satellites  in  the  air,  and  dynamically  route  traffic  to  nodes  on  the  gn 
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nals  to  the  device  over  IPThis 
pure-lP  link  to  a  router  in  space 
was  a  first,  Sanford  says. 

Satellite  communication  signals 
traditionally  have  been  sent  and 
received  using  what’s  known  as  a 
bent-pipe  method.  A  signal  is  sent 
up  from  a  fixed  point  on  Earth, 
received  by  the  satellite  and 
amplified,  then  sent  back  down 
to  a  predetermined  point. With  all 
traffic  routing  decisions  made  on 
the  ground,  the  satellite  link  is 
basically  a  Layer  1  connection 
technology 

“Satellites  can  be  sort  of  a  fixed 
infrastructure,  always  over  a  point 
of  the  globe  —  not  dissimilar  to  a 
fiber  network  in  the  ground,” says 
Lloyd  Wood,  space  initiatives 
manager  at  Cisco. “So  getting 
more  networking  into  space  is  of 
interest  to  us.” 

Having  a  router  onboard  a 
satellite  changes  everything, 
Wood  says. 

“Satellites  are  becoming  more 
computationally  smart.  But  the 
trend  is  to  move  toward  doing 
more  digital  signal  processing  — 
cleaning  up  the  signals  electroni¬ 
cally  before  amplifying  and  shov¬ 
ing  them  back  down.  If  you’re 
willing  to  do  the  electronics  and 
processing,  actually  going  anoth¬ 
er  step  to  look  at  what  you’re  car¬ 
rying,  to  look  at  the  signal  and  do 
packet  processing  isn’t  much  of  a 
stretch,”  he  says. 

Having  a  router  on  a  satellite 
dynamically  move  packets  to  dif¬ 
ferent  nodes  could  make  satellite 
signals  harder  to  jam,  allowing 
satellites  to  route  signals  to  each 
other  in  the  air  or  on  the  ground. 
Space-born  routers  also  could 
lead  to  higher-bandwidth  satellite 
data  and  voice  services  that  have 
less  latency  and  more  resiliency 

Satellite  makers  such  as  Boeing 
and  Lockheed  Martin  are  work¬ 
ing  on  on-board  processing  tech¬ 
nology  that  allows  for  more 
advanced  communication 
beyond  the  bent-pipe  method, 
says  Max  Engle,  aerospace  and 
telecom  analyst  for  Frost  and 
Sullivan.  But  use  of  COTS  network 
gear,  such  as  industry-standard 
routers,  IP  stacks  and  protocols, 
are  still  not  widely  used. 

“The  big  satellite  companies 
are  not  using  anything  even 
approaching  off-the-shelf  technol¬ 
ogy  for  that,”  Engle  says.The  rea¬ 
son  for  this  is  the  demanding 
environment  of  space  —  extreme 
temperatures,  radiation,  vacuum 
and  no  ability  to  send  up  a  tech¬ 
nician  to  fix  things  if  they  break, 


he  says. 

“One  of  the  things  with  on¬ 
board  processing  is  a  communi¬ 
cations  satellite  that  has  dumb 
transponders  is  pretty  robust,” 
Engle  says.There  is  not  a  single 
point  of  failure  in  the  communi¬ 
cation  system.  Once  you  put 
more  processing  up  there,  you 
run  the  risk  of  having  one  fail¬ 
ure  in  your  communication  sys¬ 
tem  propagate  to  your  whole 
satellite.” 

Physical  factors 

With  this  environment  in  mind, 
CLEO  wasn’t  built  like  other 
routers. To  get  the  device  ready 
for  space  travel,  Cisco  engineers 
had  to  make  some  unique  modi¬ 
fications. 

Its  circuits  are  soldered  not  with 
standard  tin,  but  with  lead,  which 
is  a  health  hazard  for  electronics 
sold  in  the  United  States.Tin  sol¬ 
der  also  isn’t  without  its  short¬ 
comings,  as  it  is  susceptible  to 
flakes  of  metal  that  form  and  can 
short  out  circuitry. 

Cisco  also  built  the  router  with¬ 
out  internal  clock  batteries, 
which  could  explode  in  space. 
Instead  of  fans,  heat  sinks  push 
heat  generated  by  the  electronics 
out  toward  the  casing  of  the 
device.  Acid-based  or  “wet”  capac¬ 
itors  in  the  circuitry  are  swapped 
for  dry  capacitors. 

Otherwise,  CLEO  was  kept  to 
industry  standards  and  COTS- 
based  technology  Sanford  says. 
For  instance,  the  device  has  no 
radiation  shielding,  which  would 
have  subjected  CLEO  to  the  U.S. 


International  Traffic  and  Arms 
Regulations,  which  prevent  tech¬ 
nology  specifically  designed  for 
space  and  weapons  systems  to  be 
released  outside  the  United  State. 

“This  allowed  us  to  represent 
what’s  possible  by  leveraging 
commercial  capabilities  in  part¬ 
nership  with  the  space  communi¬ 
ty’ Sanford  adds. 

Not  coming  home 

As  for  when  CLEO  will  come 
down,  a  timetable  has  not  been 
established. 

“The  design  life  of  the  space¬ 


craft  is  20  years,”  Wood  says.  But 
because  the  router  has  no  radia¬ 
tion  shielding,“we  don’t  know 
how  long  it  will  last,”  he  says. 

If  or  when  CLEO  or  the  satellite 
does  fail,  the  satellite  can  be  de- 
orbited  to  keep  paths  clutter  free. 
But  Cisco  won’t  be  able  to  recov¬ 
er  its  first  space-traveling  product 
for  posterity 

“We  would  use  the  remaining 
propulsion  to  put  it  into  an 
orbit  to  burn  up  in  the  atmos¬ 
phere,"  Wood  says.“Unfortu- 
nately,  we  won’t  be  able  to  get 
CLEO  back.”  ■ 


Disaster 

continued  from  page  10 
cations. 

“Our  finance  systems  are  replicated  in  real  time  [between  locations] 
and  will  come  up  in  different  stages  depending  on  the  application,” 
Gideon  said. 

At  Auto  Warehousing  in  Tacoma, Wash.,  CIO  Dale  Frantz  also  has  set  in 
motion  a  plan  to  test  his  disaster  preparedness. 

“We  have  28  facilities  and  we  test  at  a  specific  facility  once  a  month," 
Frantz  said.“Our  tests  involve  pulling  out  drives  in  the  server  to  watch 
the  failover  process  and  make  sure  it  works.” 

A1  Todd,  senior  vice  president  of  IT  for  Pacific  Capital  Bancorp  in 
Santa  Barbara,  Calif.,  also  tests  his  disaster  recovery  plan  regularly 'While 
Todd  uses  a  service  to  protect  his  data,  he  plans  to  bring  his  disaster 
recovery  onsite  in  the  next  year. 

“We  take  data  [annually]  from  our  offsite  storage  facility  and  have  it 
flown  out  to  the  site,  download  the  data  onto  a  machine  at  the  site, 
attach  it  to  the  SAN  and  prove  we  can  run  our  systems  remotely  from 
Philadelphia, ’’Todd  said.“We  are  now  in  a  transition  to  several  times  a 
year  testing  and  will  bring  our  disaster  recovery  in-house.” 

Todd  has  a  SAN  consisting  of  two  Hitachi  Data  Systems  TagmaStore 
Universal  Storage  arrays,  each  with  20T  bytes  of  storage,  two  Hitachi 
9585V  arrays  with  20T  bytes  of  storage,  as  well  as  IBM  and  EMC  storage 
arrays.  The  SAN  connects  to  as  many  as  200  Intel-based  servers,  each 
with  200G  bytes  of  direct-attached  storage, and  a  mainframe.* 


SWITCH  TO  POSTINI.  THE  SMART  MOVE 
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SWITCHING  TO  PO 


WE  COULD  DO  TO  STOP  SPAM 


At  World  Wildlife  Fund,  we  were  overwhelmed  with  spam  and  knew  we  had  to  act.  We 
tried  another  managed  service  but  ran  into  problems  and  disruptions.  Then  we  switched 
to  Postini.  Smart  move. 


Now  we  protect  email  at  our  Washington  DC  headquarters  and  several  of  our  field 
offices  around  the  world  with  Postini’s  patented,  secure  email  boundary  services.  We’re 
still  outsourcing  our  email  security — saving  time,  money  and  bandwidth — only  now 
we  have  the  best:  Postini. 


GREGORY  SMITH,  VICE  PRESIDENT  AND  CIO,  INFORMATION  TECHNOLOGY 

WORLD  WILDLIFE  FUND.  WASHINGTON  DC 


FIND  OUT  WHY  COMPANIES  ARE  SWITCHING  TO  PO  INI.  DOWNLOAD  A  FREE  WHITE 
PAPER  AT  ;TINI.C0M/NW7,  OR  CALL  US  TODAY  AT  888.584.3150 
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Chevron’s  two-factor  authentication 

Chevron’s  SmartBadge  includes  three  chips,  two  tied  to  building 
access  and  one  for  network  logon.  The  dual-function  card  is 
unique  because  it  includes  certificates  to  support  single  sign- 
on,  digital  signatures  and  encryption. 


D  User’s  SmartBadge  provides  secure  access  to  building. 


0  The  SmartBadge  and  a  PIN  provide  network  logon.  _ 

0  SmartBadge  is  integrated  with  v-Go  single  sign-on  technology  from  Passlogix,  which 
binds  certificate  and  card  to  the  user  and  helps  secure  v-Go’s  log  of  application 
passwords. 

□  Users  access  any  of  their  applications  just  by  clicking  on  a  desktop  icon.  Certificates 
on  SmartBadge  also  support  use  of  digital  signatures  and  encryption. 


Chevron 

continued  from  page  1 

been  rolling  out  SmartBadge  and 
the  infrastructure  to  support  two- 
factor  authentication  on  a  single 
card  as  its  corporate  identity  pri¬ 
vacy  and  security  standard. 

Two-factor  authentication  is 
based  on  something  you  have 
and  something  you  know.  In  Chev¬ 
ron’s  case  that  is  the  SmartBadge 
and  a  PIN. 

Other  companies  use  badges 
that  combine  building  and  net¬ 
work  access,  but  Chevron  is  the 
pioneer  for  also  including  desk¬ 
top  logon,  certificates  for  digital 
signatures  and  encryption,  and 
single  sign-on. 

“This  project  has  been  going  on 
for  a  long  time,  mainly  because 
we  decided  not  to  go  with  a  big- 
bang  approach,”  says  Edmund 
Yee,  an  emerging  technology 
team  leader  in  Chevron’s  Infor¬ 
mation  Technology  Company 

“We  wanted  to  bring  in  pieces 
in  small,  achievable  chunks  and 
then  keep  on  expanding,”  he  says. 

Yee  and  Schlumberger,  the  pro¬ 
ject’s  systems  integrator,  have 
no  doubt  they  took  the  right 
approach,  which  included  a  year¬ 
long  effort  to  define  governance 
and  policy  standards. 

“Getting  into  systems  securely 
and  being  able  to  do  things  like 
digital  signatures,  encrypting 
drives  and  data  encryption  —  that 
is  where  this  starts  to  touch  busi¬ 
ness  processes  and  where  you  get 
into  formally  auditing  events  and 
establishing  non-repudiation,”  says 
Greg  Salyards,  practice  manager 


at  Schlumberger. 

Salyards  says  the  SmartBadge 
lets  Chevron  transform  critical 
corporate  decisions  that  were 
once  just  paper  trails  into  digital 
records.  Another  result  has  been  a 
70%  reduction  in  the  nearly  4,000 
password  resets  Chevron  was  per¬ 
forming  each  month. 

In  addition,  Chevron,  which  is 
considered  critical  infrastructure 
under  the  federal  government’s 
Department  of  Homeland  Secur¬ 
ity  is  out  in  front  of  the  require¬ 
ments  outlined  in  February’s 
Homeland  Security  Presidential 
Directive. 

Salyards  says  the  cost  —  not  in¬ 
cluding  services  —  was  $50  per 
user  for  the  cards,  readers  and 
software.  Chevron  won’t  disclose 
what  it  spent  on  SmartBadge  or 
what  its  overall  cost  savings  have 
been,  but  Yee  says  the  ROI  was 
immediate. 

Getting  started 

In  2000,  Yee  says,  Chevron 
began  to  refresh  servers,  desk¬ 
tops  and  network  security  The 
project  heated  up  nearly  a  year 
later,  after  a  merger  with  Texaco 
that  created  a  need  for  new 
employee  badges,  and  the  Sept.  1 1 
terrorist  attacks.  It  was  then  that 
Chevron’s  board  made  an  ongo¬ 
ing  study  of  two-factor  authentica¬ 
tion  part  of  a  mandate  around 
improvements  to  security 

In  November  2001,  the  Smart- 
Badge  pilot  launched,  which 
amounted  to  Phase  3  of  the  now- 
official  project.The  majority  of  the 
badges  rolled  out  in  2002  and  by 
early  2004  were  being  activated. 


The  activation  milestone  drew 
an  in-person  visit  in  February 
2004  from  Microsoft’s  Bill  Gates, 
who  was  on  his  way  to  the  RSA 
Security  Conference  where  he  de¬ 
clared  the  password  would  die 
and  two-factor  authentication  was 
the  future. 

What  Gates  saw  at  Chevron  was 
an  infrastructure  that  includes 
Schlumberger’s  Identity  Process 
Security  Platform  card-manage¬ 
ment  system,  an  Active  Directory 
infrastructure  that  is  the  authorita¬ 
tive  source  for  user  information, 
and  a  public-key  infrastructure,  in¬ 
cluding  a  certificate  authority, 
built  on  Windows. 

Employees  obtain  a  Smart- 
Badge  from  Chevron  Business 
and  Real  Estate  Services,  a  facili¬ 
ties  business  unit  that  embeds 
identity  information  onto  the 
cards’  two  building-access  chips. 

End  users  then  insert  their 
SmartBadge  into  a  card  reader  on 
their  desktop  or  laptop  and  enter 
a  one-time  password  to  activate 
the  card-management  system. 

The  system  asks  a  series  of  ques¬ 
tions  before  binding  the  card  to 
the  end  user  and  downloading  to 
the  card’s  third  chip  a  set  of  digital 
certificates  used  for  logon,  en¬ 
cryption  and  digital  signatures.  In¬ 
formation  in  Chevron’s  IT  systems 
guarantees  the  card  was  issued  to 
the  person  activating  it. 

“We  spent  about  two  months  en¬ 
gineering  a  [distribution]  model 
that  would  work  across  both  facil¬ 
ities  and  IT,”Yee  says. 

After  activation,  the  cards  log 
users  onto  the  network  and  their 


desktops. 

The  desktop  logon  is  integrated 
with  single  sign-on  software 
called  v-Go  from  Passlogix.  This 
makes  the  SmartBadge  the  only 
credential  needed  for  end  users 
to  access  network  resources. 

For  added  security  v-Go  binds 
the  end  users’  identity  certificate 
stored  on  the  SmartBadge  to 
v-Go’s  list  of  application  pass¬ 
words;  this  protects  the  sensitive 
list  from  both  internal  administra¬ 
tors  and  external  hackers. 

To  combat  the  inevitable  loss  of 
cards,  Chevron  this  year  deployed 
a  customized  emergency-access 
extension  to  the  card  manage¬ 
ment  system.  It  allows  end  users 
who  forget  their  PIN  to  get  offline 
access  to  their  machines,  and  pro¬ 
vides  temporary  replacements  for 
lost  or  damaged  SmartBadges. 

The  temporary-card  system  is 
being  rolled  out  as  kiosk-style  sta¬ 
tions  and  is  designed  to  get  new 
cards  to  users  immediately  or 
within  48  hours.The  kiosk  system, 
which  requires  dual  validation 
that  combines  the  employee’s 
data  with  information  from  a  des¬ 
ignated  manager,  dispenses  a  tem¬ 
porary  SmartBadge  that  is  good 
for  network  access  for  14  days.  In 
addition,  the  card-management 
system  revokes  the  logon  certifi¬ 
cate  from  the  lost  card  and  recov¬ 
ers  the  encryption  certificate. 

Yee  says  one  of  the  biggest  chal¬ 
lenges  was  overcome  early  by 
gaining  executive  support. 

“We  had  to  prove  that  we  had 
control  and  governance  by  high- 
level  officials  around  these  sys¬ 


tems,”  says  Yee,  who  adds  that  a 
12-person  core  group  built  the 
SmartBadge  infrastructure.  “Be¬ 
cause  we  had  all  that  in  place  we 
were  very  effective  in  convincing 
the  executives  that  this  was  a  go.” 

Yee  also  wrestled  with  Human 
Resources  to  make  sense  of  the 
130  systems  it  operates  so  the 
SmartBadge  would  have  one 
authoritative  source  for  data. 
Eventually,  Yee  used  a  meta¬ 
directory  to  feed  user  data  collat¬ 
ed  from  HR  systems  into  Active 
Directory  and  a  tool  that  allows 
end  users  to  manage  portions  of 
their  data  in  the  directory 

“This  is  a  workable  system  for 
now,  with  over  90%  accuracy  of 
user  data,”Yee  says. 

Another  challenge  was  meeting 
the  stringent  import  requirements 
on  cryptography  in  foreign  coun¬ 
tries,  such  as  China  and 
Kazakhstan. 

“When  you  start  putting  inte¬ 
grated  circuit  chips  on  a  card 
specifically  for  network  authenti¬ 
cation  and  especially  encryption, 
that  is  where  the  flags  are  raised,” 
Salyards  says. 

Chevron  had  to  get  US.  govern¬ 
ment  authorization  to  use  the 
SmartBadge  in  countries  where 
the  United  States  prohibits  export, 
including  Cuba,  Iraq  and  Libya. 

Yee  says  other  challenges 
focused  on  defining  rules;  work- 
flows  and  processes;  mapping 
data  via  provisioning  connec¬ 
tors  to  other  systems;  managing 
change;  and  designing  remote 
access  to  support  password-less 
logons. 

Building  a  test  environment  also 
minimized  post-deployment  tech¬ 
nical  glitches,  capacity  problems 
and  software  bugs, Yee  says. 

However,  he  acknowledges  that 
a  few  passwords  remain.  Most  are 
forced  by  Windows  requirements 
such  as  passwords  for  the  “Run 
As”  feature  administrators  use  to 
access  some  tools.  Also,  some  re¬ 
mote  access  systems,  such  as  Out¬ 
look  Web  Access,  don’t  work  with 
smart  cards.  Chevron  also  needs 
to  integrate  its  Linux  desktops  into 
Active  Directory  Such  issues  will 
be  solved  early  next  year, Yee  says. 

Chevron  has  gone  beyond  the 
original  project  scope  and  is 
planning  to  extend  SmartBadge, 
including  badge  provisioning. 
Next  year,  it  plans  to  add  feder¬ 
ated  authentication,  and  in  2007 
include  role-based  access  con¬ 
trols  in  Active  Directory  along 
with  federated  access  and  policy 
management.  ■ 


Microsoft 

continued  from  page  9 

says  Chris  Alliegro,  an  analyst  at  independent  research  firm  Directions 
on  Microsoft.“But  one  of  the  challenges  that  Microsoft  has  faced  in  the 
past  is  that  it  provides  [business-intelligence]  infrastructure,  but  it  does 
not  provide  any  sort  of  end-user  product.”  Microsoft  hopes  to  change 
that  starting  with  the  Business  Scorecard  Manager  and  Office  12. 

Still,  some  say  that  change  may  not  help. 

“The  problem  with  Office  is  that  its  connection  with  [business  intelli¬ 
gence]  is  just  one  of  many  things  that  Microsoft  is  trying  to  do  with  that 
product  and  the  question  is,  will  Office  do  so  many  things  that  it  will  do 
nothing  very  well. That  is  the  thing  that  customers  need  to  watch  out 
for,”  says  Joe  Wilcox,  an  analyst  with  Jupiter  Research. 

The  other  issues  are  when  and  if  users  will  adopt  Office  12.  A  Jupiter 
Research  survey  showed  that  39%  of  businesses  with  250  or  more 
employees  use  Office  2003,  which  shipped  two  years  ago.That  leads  Wil¬ 
cox  to  believe  Office  12  adoption  through  2007  will  be  modest. 

Potential  competitors  say  Microsoft  is  stretching  things. 

“[Business  intelligence]  is  not  about  Office,” says  Gerry  Cohen, CEO  of 
Information  Builders,  which  develops  business-intelligence  software. 
“There  might  be  some  nice  apps  that  hook  into  Office,  but  labeling  it  a 
big  [business-intelligence]  initiative  is  misleading.”  ■ 
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Wireless 

continued  from  page  8 

residential  and  business  [wireless]  access 
to  the  Internet,  in  fixed,  metroscale  nets.” 

It’s  precisely  that  scenario  of  fixed,  metro- 
area  access  that  is  drawing  the  serious 
attention  of  users  and  service  providers. 

The  city  of  Minneapolis  is  working  toward 
creating  a  pervasive  wireless  mesh  network 
for  public  safety  workers  and  city  employ¬ 
ees,  and  for  providing  a  low-cost,  broad¬ 
band  wireless  Internet  access  for  residents 
and  businesses. 

The  all-IP  network  will  likely  combine 
an  802.11-based  mesh  for  client  access, 
with  WiMAX  providing  backhaul,  in  addi¬ 
tion  to  fiber,  says  William  Beck,  the  city’s 
deputy  CIO. 

“Direct  connect  and  backhaul  are  the 
plays  for  WiMAX,”  Beck  says.  “We  have 
350  facilities  around  the  city  that  we 
want  to  connect.  We  can  use  WiMAX  for 
that."  Such  a  network  would  let  the  city 
shift  mobile  computing  from  expensive 
Sprint  cellular  data  services  and  support 
such  bandwidth-hungry  applications  as 
its  growing  web  of  wireless  surveillance 
cameras. 


Ninety-seven  vendors  responded  to  the 
city’s  request  for  proposals.  Officials  last 
week  narrowed  the  field  to  two  from  nine 
comprehensive  proposals,  EarthLink  and 
US  Wireless. 

WiMAX  also  is  being  considered  by  the 
U.S.  Department  of  Agriculture  as  a  way 
to  move  big  data  files  from  image  pro¬ 
cessing  computers  to  farm  equipment, 
says  James  McKinion,  research  electron¬ 
ics  engineer  with  the  department’s 
Genetics  and  Precision  Agriculture 
Research  Unit. 

One  such  application  works  like  this: 
Aircraft  fly  over  farm  crops  and  take  multi- 
spectral  images  (in  effect,  photos  taken  in 
several  kinds  of  electromagnetic  “lights”) 
early  in  the  growing  cycle. 

The  images  are  processed,  coordinated 
with  on-site  data  via  handhelds  used  by 
field  consultants,  and  then  further  pro¬ 
cessed  to  give  time  and  location  data  to 
controllers  and  GPS  monitors  mounted 
in  sprayers  and  tractors. 

Using  this  data,  farmers  can  target  and 
limit  insecticide  spraying.That  would  cut 
costs,  improve  efficacy  of  spraying  and 
use  fewer  chemicals. 

Speed  is  vital,  McKinion  says  as  the  farms 


have  a  little  more  than  24  hours  to  translate 
the  imaging  data  into  a  spraying  pattern  to 
be  most  effective. 

Today  two  plantation  pilot  systems  in 
Mississippi  rely  on  proprietary  fixed  wire¬ 
less  broadband  gear  in  900MHz  and 
2.4GHz  band  to  transport  the  data  files  from 
the  processing  center  to  what  is  in  effect 
the  farm’s  data  center,  and  to  the  equip¬ 
ment  in  the  fields. 

“Instead  of  manually  plugging  PC  cards 
into  the  controllers,  we  can  use  wireless  to 
deliver  megabytes  of  data  in  a  few  seconds, 
and  to  make  sure  we  get  the  right  data  to 
the  right  equipment,”  he  says.  “WiMAX  will 
make  this  data  more  available  to  farmers  in 
rural  areas.” 

“We  could  use  a  few  WiMAX  base  stations 
to  cover  an  entire  county  And  pricing  for 
WiMAX  equipment  promises  to  greatly 
lower  the  costs”  compared  to  proprietary 
radios,  he  says. 

Carriers  pilot  services 

Meanwhile,  services  such  as  backhaul  are 
the  types  of  offerings  drawing  attention  of 
companies  such  as  AT&T. 

“Our  focus  is  on  fixed  WiMAX  services,” 
says  Behzad  Nadji,AT&T  chief  architect. 


One  reason  is  that  AT&T  pays  local  in¬ 
cumbent  local  exchange  carriers  about 
$8.5  billion  every  year  to  provide  last- 
mile  access  between  AT&T’s  network 
core  and  AT&T  customers’  networks. 

“We’re  paying  high-octane  profits  to 
those  guys,”  Nadji  says.  AT&T  is  weighing 
the  technical  and  business  feasibility  of 
creating  a  WiMAX  service  that  would 
eliminate  those  middlemen. 

AT&T  enterprise  users  in  a  recent  survey 
want  services  that  provide  data  backup,  pri¬ 
mary  network  access  and  load-sharing,  in 
that  order, according  to  Nadji.  Users  see  the 
main  benefits  of  WiMAX  as  improved  reach 
—  being  able  to  get  network  access  where 
they  need  it,  lower  access  costs,  alternative 
network  access  and  disaster-recovery 
options. 

As  part  of  its  WiMAX  evaluation,  AT&T 
is  preparing  to  launch  its  third  and  most 
ambitious  WiMAX  trial  later  this  year, 
building  a  wireless  broadband  network 
in  part  of  Atlanta  to  link  business  cus¬ 
tomers  with  AT&T’s  core  network.  The 
company  already  has  pilot  networks 
with  a  trio  of  businesses  in  suburban 
Middletown,  N.J.,  and  a  handful  of  tiny 
villages  in  rural  Alaska.® 
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Where  the  Ms  are  headed 

Here's  where  the  CTOs  from  the  four  RBOCs  say  their 
companies  are  going  over  the  next  12  months: 


Carrier 

Direction 

BellSouth 

Selected  IP  Multimedia  Subsystem  vendor;  offering  pre-WiMAX  wireless 
broadband  services  in  New  Orleans  and  Athens,  Ga„  trials  in  Florida. 

Qwest 

Rolling  out  nationwide  consumer  VoIP  service,  WiMAX  service  and 
perhaps  IMS-based  video  integration  to  business  customers  next  year. 

SBC 

WiMAX  trials  iater  this  year,  IMS-based  consumer  VoIP  in  2006;  IMS- 
based  wireline/wireless  integration  in  2007. 

Verizon 

Possibly  wiil  select  its  Broadband  Home  Router  vendor  by  end  year; 
issuing  Gigabit  passive  optical  networking  RFP  before  year-end;  pre- 
WiMAX  trials  in  Grundy,  Va„  Emmaus,  Pa.,  and  Rantoul,  III.,  ready  for 
commercial  service  as  soon  as  cost-effective  equipment  is  available. 

CTO 

continued  from  page  1 

data  sessions,  and  enables  ser¬ 
vices  such  as  text  messaging, 
voice  mail  and  file  sharing  to 
reside  on  application  servers 
anywhere,  and  be  delivered  by 
multiple  wired  and  wireless  ser¬ 
vice  providers. 

But  the  standard  is  complex, 
immature  and  in  need  of  a  lot  of 
work, some  CTOs  said. 

“IMS  is  in  this  stage  of  infancy 
because  we’ve  still  got  work  to  do 
in  the  industry  to  define  it  more 
succinctly  more  explicitly  Bell¬ 
South  CTO  Bill  Smith  said.  None¬ 
theless,  BellSouth  has  selected 
but  not  announced  an  IMS  ven¬ 
dor  and  is  unwavering  on  the 
potential  of  IMS. 

“IMS  is  as  important  to  the 
future  of  integrated  network  ser¬ 
vices  as  intelligent-network  fea¬ 
tures  were  to  the  traditional  cir¬ 
cuit-switched  network,”  Smith 
said.  We’re  going  to  be  surprised 
and  amazed  at  the  power  an  IMS 
system  gives  you  for  intelligent 
control.” 

Although  the  value  of  IMS  is 
clear,  the  same  cannot  be  said  for 
the  emerging  WiMAX  standard 
for  wireless  broadband.  WiMAX  is 
a  point-to-muitipoint  technology 
that  can  transfer  about  70M 
bit/sec  over  a  distance  of  30 
miles  to  thousands  of  users  from 
a  single  base  station.  It  provides 
wireless,  last-mile  broadband 
access  in  licensed  and  unli¬ 
censed  spectrum  below  the  11- 
GHz  frequency  band,  and 
between  10GHz  and  66GHz  to 
connect  homes,  businesses  and 
wireless  LAN  hot  spots. 

BellSouth  has  pre-WiMAX  wire¬ 
less  broadband  services  in  New 
Orleans  and  Athens,  Ga.,  and  a 
trial  in  Palatka,  Fla.  But  the  carrier 
is  hard  pressed  to  find  an  exclu¬ 
sive  role  or  application  for 
WiMAX. 

“1  really  believe  WiMAX  is  a 
great  supplement  to  all  the  other 
things  that  we  offer’’  Smith  said. 
“It’s  unlikely  in  my  mind  that 
WiMAX  becomes  the  only  com¬ 
munications  access  vehicle.” 

Qwest  believes  it’s  found 
WiMAX’s  niche.  The  carrier  plans 
to  turn  up  a  WiMAX  service  next 
year  based  on  a  trial  it  is  con¬ 
ducting  in  northern  Denver. 

The  trial  service  runs  in  the  3.5- 
GHz  band  of  the  radio  spectrum. 
Qwest  is  streaming  video  over 
the  WiMAX  network  because 
real-time  video  stretches  the  lim¬ 


its  of  the  shared-bandwidth  archi¬ 
tecture  of  WiMAX,  said  Qwest 
CTO  Balan  Nair. 

“You  need  much  better  com¬ 
pression  schemes  to  make  real¬ 
time  video  work,”  Nair  said. 

Qwest  also  plans  to  expand  its 
consumer  VoIP  offering  nation¬ 
wide  next  year.  The  service  is 
offered  in  select  cities  in  Qwest’s 
14-state  territory. 

Qwest  also  has  started  imple¬ 
menting  “bits  and  pieces”  of  its 
IMS  strategy,  Nair  said,  and  could 
roll  out  an  IMS-based 
voice/video  integration  to  busi¬ 
ness  customers  in  the  first  half  of 
next  year. 

“The  first  phase  of  our  imple¬ 
mentation  is  really  to  tie  the  fea¬ 


tures  that  SIP  would  bring  to 
existing  black  phones,”  he  said. 
“We’re  building  other  features 
that  will  also  be  integrated  into 
our  video  offering.  You’ll  be  able 
to  go  into  the  call  log  and  just 
click  a  name  and  dial  the  num¬ 
ber  back;  you’ll  be  able  to  check 
your  voice  mail.” 

IMS  will  be  ready  to  provide 
these  types  of  capabilities  for 
SBC’s  consumer  VoIP  service  next 
year,  Rice  says. 

By  2007,  it  will  be  ready  to  deliv¬ 
er  on  the  wireline/wireless  inte¬ 
gration  the  technology  promises, 
he  said. 

SBC  recently  selected  Lucent  as 
its  IMS  vendor. 

Although  it  is  not  as  far  along  as 


Qwest,  SBC  is  planning  its  own 
WiMAX  trials  this  year  to  evaluate 
the  technology  for  niche  applica¬ 
tions,  such  as  broadband  fill-in, 
wireless  loop  and  special-access 
replacement  on  licensed  spec¬ 
trum;  and  up  to  1.5M  bit/sec  ser¬ 
vice  in  areas  where  there  is  not 
broadband,  using  unlicensed 
spectrum.  . 

“WiMAX  may  be  a  good  eco¬ 
nomic  way  to  do  that,  because  I 
can’t  get  DSL  out  there  economi¬ 
cally,  everywhere,”  Rice  said.  “It 
just  isn’t  feasible.  Once  I  get  90% 
DSL  coverage,  WiMAX  may  be 
how  I  get  the  next  10%.” 

Verizon  has  three  pre-WiMAX 
wireless  broadband  trials  under¬ 
way  that  are  ready  to  transition  to 
commercial  service  once  cost- 
effective,  IEEE  802.16-certified 
equipment  emerges,  says  CTO 
Mark  Wegleitner.  They  are  in 
Grundy,  Va.;  Emmaus,  Pa.;  and 
Rantoul.Ill. 

“We  would  be  ready  to  go  as 
soon  as  we  could  get  affordable 
equipment  from  a  supplier”  he 
said. 

He  sees  a  limited  role  for 
WiMAX  —  in  hot  spots,  or  where 
DSL  cannot  be  economically 
provisioned,  such  as  in  rural 
areas  where  Verizon  is  conduct¬ 
ing  trials. 

“That  is  our  focus,”  he  said. 
“Nothing  more,  nothing  less.” 


Wegleitner  emphasizes  this,  be¬ 
cause  with  WiMAX’s  bandwidth 
and  reach,  some  have  pitched  it 
as  a  replacement  for  the  fiber- 
based  triple-play  services  —  inte¬ 
grated  voice/data/video  —  that 
Verizon  and  the  other  RBOCs  are 
developing  and  provisioning  to 
homes  and  businesses.  But  for 
that,  Verizon  is  forging  ahead  on 
its  fiber-to-thepremises  strategy 

The  RBOC  is  close  to  naming  a 
vendor  for  its  Broadband  Home 
Router,  the  residential  gateway 
piece  of  its  FTTP  triple-play 
deployment  that  supports  band- 
widths  of  100M  bit/sec.  or  more 
and  adheres  to  specifications 
defined  by  the  Multimedia  Over 
Coax  Alliance  (MoCA). 

MoCA  specifies  a  270M  bit/sec 
throughput  for  DVD-quality 
entertainment  and  as  a  back¬ 
bone  for  multiple  wireless  access 
points  used  to  extend  the  reach 
of  wireless  throughout  a  home. 

Verizon  also  is  issuing  a  Gigabit 
passive  optical  networking  RFP 
later  this  year  to  begin  GPON 
deployments  to  FTTP  homes  and 
businesses  in  the  second  half  of 
2006.  FTTP  is  based  on  broad¬ 
band  PON  technology,  which 
supports  speeds  of  622M  bit/sec 
downstream  and  155M  bit/sec 
upstream. 

GPON  will  effectively  double  or 
quadruple  that.  ■ 


Industry  group  plans  VoIP  best  practices 


BY  TIM  GREENE 

An  industry  group  is  working  toward  a  best- 
practices  document  that  will  spell  out  for  busi¬ 
nesses  how  to  build  secure  VoIP  networks 
using  specific  makes  and  models  of  equip¬ 
ment. 

While  the  report  won’t  be  available  until  next 
year,  it  will  be  a  practical  implementation 
guide  to  securely  set  up  VoIP  says  Andrew 
Graydon,  a  director  of  the  VOIP  Security 
Alliance  (VOIPSA),  the  group  writing  the 
papers. 

The  document  will  present  sample  deploy¬ 
ments  that  have  been  tested  by  VOIPSA  and 
found  to  be  interoperable  and  secure,  he  says. 
He  said  it  won’t  be  ready  until  after  another 
VOIPSA  report  that  will  be  released  by  year- 
end.  The  project  is  third  on  a  list  of  tasks  the 
group  is  addressing,  and  VOIPSA  is  still  solicit¬ 
ing  members  of  a  committee  to  work  on  it. 

Vulnerability  is  a  major  concern  for  business¬ 
es  implementing  VoIP  and  for  governments 
that  want  to  guarantee  reliable  phone  service 
to  sustain  their  economies.  A  German  govern¬ 
ment  agency  last  week  released  its  own  list  of 
VoIP  threats.The  German  report  finds  the  risk  of 
IP-voice  service  interruption  so  great  that  it  rec¬ 


ommends  keeping  voice  and  data  networks 
separate  —  undermining  convergence. 

Earlier  this  year  in  the  United  States,  the 
National  Institute  of  Standards  and  Techno¬ 
logy  (NIST)  issued  its  own  report  on  the  sub¬ 
ject,  including  recommendations  for  avoiding 
security  pitfalls.  Unlike  VOIPSAs  work,  which  is 
being  done  mainly  by  vendors  with  an  eye 
toward  the  nuts  and  bolts  of  implementing 
networks,  NIST’s  document  was  made  by  gov¬ 
ernment  researchers  setting  principles  to  fol¬ 
low  when  doing  so. 

VOIPSA  last  week  cataloged  36  pages  of 
potential  VoIP  vulnerabilities  and  plans  to 
issue  a  separate  document  by  year-end  that 
describes  how  technologies,  without  mention¬ 
ing  vendors,  can  protect  networks. 

The  list  of  potential  vulnerabilities,  called 
“VoIP  Security  and  Privacy  Threat  Taxonomy 
defines  potential  threats,  Graydon  says.  In  addi¬ 
tion,  the  taxonomy  can  inform  businesses  con¬ 
sidering  VoIP  about  known  threats  so  they  can 
deal  with  them.  “It  describes  a  set  of  risks  you 
need  to  be  mindful  of,  specific  issues  you 
might  want  to  be  concerned  about,”  says 
Jonathan  Zar,  the  head  of  the  project. 

The  study  lists  potential  problems  including 


theft  of  service,  spamming,  intentional  disrup¬ 
tion  of  services,  number  harvesting,  man-in- 
the-middle  attacks,  call  rerouting  and  altering 
conversations.  Solutions  for  some  of  these 
problems  exist  today. 

VoIRas  a  software  application  running  on  IP 
networks,  is  open  to  many  threats,  says  Art 
Manion,  an  Internet  security  analyst  for  the 
Computer  Emergency  Response  Team  at 
Carnegie  Mellon  University  in  Pittsburgh. 
While  the  potential  exists,  he  says  he  is  un¬ 
aware  of  any  exploit  being  carried  out  to 
exclusively  target  VoIP 

“Every  piece  of  software  has  vulnerabilities, 
and  that  includes  VoIP  software,”  Manion  says. 
“A  VoIP  phone  is  a  small  computer,  so  the  same 
problems  that  affect  Web  servers  and  browsers 
can  affect  VoIP’ 

VoIP  is  also  susceptible  to  general  network 
threats,  such  as  denial-of-service  attacks, 
worms  and  viruses.  These  don’t  have  to  take 
down  the  network  entirely  to  affect  a  voice 
call;  they  just  have  to  cause  enough  delay  and 
jitter  to  break  up  the  stream  of  voice  packets  to 
cause  audible  disruption,  he  says.  Assuring  the 
general  security  of  the  network  is  a  must  for 
VoIP  security  ■ 
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Postini  to  offer  new  threat-JD  service 


BY  CARA  GARRETSON 

An  e-mail  security  provider  last 
week  announced  commercial 
offering  of  its  Postini  Threat  Iden¬ 
tification  Network  Access,  which 
the  company  has  been  using  as 
part  of  its  hosted  service  to  pin¬ 
point  senders  of  spam  and  mali¬ 
cious  e-mail. 

Postini’s  offering  is  based  on  a 
real-time  analysis  technology  that 
examines  the  patterns  of  IP 
addresses  in  mail  sent  to  the  com¬ 
pany’s  customer  base  and  blocks 
traffic  from  addresses  deemed 
suspicious,  says  Andrew  Lochart, 
senior  director  of  marketing.  Each 
IP  sending  address  monitored  by 
Postini  is  given  a  score  based  on 
activity  —  for  example,  an  IP 
address  that  suddenly  sends  hun¬ 
dreds  of  thousands  of  e-mail  in  a 
short  period  would  score  high  on 
the  potential  threat  scale  —  and 
messages  coming  from  high-scor¬ 
ing  addresses  would  be  blocked 
until  the  sender’s  activity  returns 


No  shortage 
of  words 

The  data  that  drives  Postini 
Threat  Identification  Network 
is  gathered  from  the  500  mil¬ 
lion  messages  the  company 
processes  every  day. 

SOURCE:  POSTINI 


to  a  normal  level,  Lochart  says. 

PT1N  has  been  a  part  of  Postini’s 
outsourced  e-mail  security  for 
three  years;  Postini  now  is  mak¬ 
ing  the  technology  available  to 
three  sets  of  third-party  compa¬ 
nies.  The  first  group  embraces 
makers  of  routers  and  e-mail 
gateways  that  want  to  integrate 
PTIN  into  their  products  to  pro¬ 
vide  an  extra  level  of  threat  pro¬ 
tection,  Lochart  says. 

“Our  engineers  have  figured  out 
they  can  use  [Border  Gateway 


Protocol]  to  send  snapshots  of 
data  to  the  router  and  update  that 
information  ...  so  if  a  range  of  IP 
addresses  are  engaged  in  an  at¬ 
tack  for  some  period  of  time,  [the 
updates  would  say]  don’t  route 
packets  from  them,”  Lochart  says. 
Postini  is  in  talks  with  an  equip¬ 
ment  maker  to  purchase  PTIN  and 
hopes  to  make  a  related  an¬ 
nouncement  in  the  future,  he  says. 

The  benefit  for  companies  is 
another  level  of  security  against  e- 
mail  threats,  offering  an  additional 
component  of  protection  to  the 
“cocktail  approach”  to  security, 
one  analyst  says. 

“Companies  like  Postini  that 
handle  tremendous  amounts  of 
spam  are  starting  to  extract  the  in¬ 
telligence  which  will  add  addi¬ 
tional  blocking  capabilities  to 
organizations, and  by  pushing  that 
service  out  to  let’s  say  the  router 
level,  it  would  add  yet  another 
layer  of  protection,”  says  Matt 
Cain,  an  analyst  at  Gartner. 


The  second  group  to  which 
Postini  is  looking  to  sell  PTIN  is 
ISPs  that  want  up-to-date  informa¬ 
tion  about  any  of  their  members 
considered  a  threat, so  the  ISP  can 
take  action  to  correct  the  situa¬ 
tion,  Lochart  says. 

The  third  group  is  companies 
that  provide  reputation  services  to 
legitimate  e-mailers.  For  these 
companies  Postini  would  supply  a 
history  of  sending  activity  so  that 
the  certifier  could  be  sure  of  an  e- 
mail  sender’s  reputation. 

Postini  in  June  was  awarded  a 
patent  with  35  claims  that  cover 
how  PTIN  works.  While  competi¬ 
tors,  including  IronPort,  Cipher- 
Trust,  Symantec,  Trend  Micro  and 
others,  take  a  similar  approach  to 
flagging  suspicious  IP  addresses, 
Lochart  says  he  is  unaware  of  any 
other  company  making  their  tech¬ 
nology  commercially  available 
outside  of  their  service  offerings. 

PTIN  Access  pricing  will  be  set 
on  a  case-by-case  basis.  ■. 


NetPro  adds  group  policy  management 


BY  JOHN  FONTANA 

NetPro  last  week  bolstered  its  security  and 
compliance  suite  for  Microsoft’s  Active 
Directory  with  software  that  lets  users  delegate 
who  can  set  and  change  policies  used  to 
manage  desktops  and  servers. 

NetPro’s  ChangeManager  is  a  workflow- 
based  change  management  system  for  the 
group  policy  objects  (GPO)  of  Active  Di¬ 
rectory  GPOs,  which  are  supported  on 
Windows  2000,  XP  and  Windows  Server  2003, 
let  administrators  manage,  customize  and  lock 
down  desktop  and  server  settings  based  on  a 
set  of  policies  maintained  in  the  directory 
ChangeManager  is  designed  to  let  compa¬ 
nies  build  workflow  and  approval  processes 
around  management  of  GPOs. 

The  use  of  group  policy  is  catching  on 
because  users  are  starting  to  get  the  infrastruc¬ 
ture  pieces  in  place,  including  Win  2000  or  XP 
Professional  on  the  desktop  and  a  server  infra¬ 
structure  that  includes  Active  Directory 
IDC  says  as  many  as  80%  of  users  in  North 
America  have  Active  Directory  deployed. 

“The  next  logical  thing  to  do  is  to  take  advan¬ 
tage  of  group  policy;  it’s  pretty  powerful,”  says 
A1  Gillen,  an  analyst  with  IDC.  “But  if  you  use 
group  policy  to  manage  desktops  and  servers, 
you  need  to  track  and  audit  changes,  and  that 
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is  where  this  software  comes  into  play  I  would 
guess  to  some  extent  that  the  drive  toward  reg¬ 
ulatory  compliance  is  influencing  this  space.” 

NetPro’s  software  features  role-based  delega¬ 
tion  of  group  policy  management  using  roles 
of  requester,  reviewer  and  approver.  NetPro  has 
added  a  workflow  engine  to  link  the  three 
roles.  Users  also  can  create  customized  roles 
within  each  of  the  three  categories. 

With  the  Active  Directory  GPO  tools,  ad¬ 
ministrators  can  be  assigned  to  manage  spe¬ 
cific  GPOs.  But  with  ChangeManager,  an 
administrator  could  be  restricted  to  requesting 
changes  or  the  ability  to  request  changes  only 
on  specific  settings  within  a  GPO. 

The  software  lets  users  test  GPO  changes 
before  submitting  them  to  the  workflow- 
approval  process.  Once  a  change  is  approved, 
it  is  added  to  a  deployment  schedule  and 
automatically  rolled  out  by  ChangeManager. 
The  software  also  features  rollback  so  GPOs 
can  be  reset  if  problems  occur  when  they  are 
deployed. 

“Users  are  finding  generic  change  manage¬ 
ment  [software]  doesn’t  get  down  to  the  level 
of  detail  they  need  to  get  to,  and  they  also  are 
finding  they  have  to  document  these  workflow 
processes  for  compliance  reasons,”  says  Brad 
Hibbert,  vice  president  of  strategy  for  NetPro. 

ChangeManager  also  integrates  with  Net¬ 
Pro’s  ChangeAuditor,  which  lets  users  audit 
any  changes  made  to  the  directory,  including 
group  policy  settings.  NetPro  also  is  working  to 


integrate  ChangeManager  with  its  Security- 
Manager,  which  eventually  will  detect  if  GPO 
changes  violate  network  security  policies. 

NetPro  plans  to  have  ChangeManager  sup¬ 
port  third-party  extensions  to  GPO  in  future  re¬ 
leases  of  the  software.  It  also  plans  to  expand 
the  workflow  capabilities  to  include  manage¬ 
ment  of  changes  made  to  user  and  group  data 
stored  in  the  directory 

NetPro  competes  with  DesktopStandard, 
FullArmor  and  Quest.  It  also  competes  with 
Special  Operations  Software  and  NetlQ,  both 
of  which  plan  to  release  in  November  up¬ 
grades  to  their  group  policy  software. 

ChangeManager  is  priced  at  $6  per  user 
object.  The  entire  security  and  compliance 
suite  is  priced  at  $19  per  user  object.  ■ 


■The  story  “Storage  options  abound  in  the  SMB- 
based  NAS  ma^ef  (Oct.  24,  page  47)  should 
have  listed  the  price  of  the  infant  lechnologies 
ReadyNAS  box  as  $699  without  disk;  $1,800  for 
IT-byte;  $1,900  tor  1.61-bytes  in  the  graphic. 

■  The  test  "Data  Protection  Manager  is  a  decent 
step  for  Microsoft"  (Oct  17,  page  50)  should  have 
stated  that  Microsoft’s  Data  Manager  support  for 
Windows  XP  and  tape  drives  is  due  in  a  future  release 
of  the  product. 
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NET  INFRASTRUCTURE 

■  SECURITY  ■  SWITCHING  ■ROUTING  If  VPNS  H  BANDWIDTH  MANAGEMENT  8  VOIP  IS  WIRELESS  LANS 


InSite: 


Lessons  fron  Leading  Users 


Kane  County  converges  to  clean  up  network  problems 


Convergence,  state  programs  boost  county  network 

Kane  County,  III.,  has  a  combined  voice-data  network  that  provides  fast,  efficient  connections  among  government  buildings 
and  saves  money  over  the  previous,  separate  voice  and  data  networks. 


A  deal  with  Comcast  and  the 
Illinois'  Century  Network  provides 
a  100M  bit/sec  Ethernet  link  to 
the  Internet  that  local  schools 
can  take  advantage  of. 


Judicial  center , 


A  300-foot  public  safety  radio  tower 
supports  wireless  equipment  that  provides 
primary  and  back-up  network  connections 
to  several  county  buildings. 


Department  of 
Transportation 
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Health  Department 


Courthouse 
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Municipal  fiber  leased  to  the  county  provides 
bit/sec  Ethernet  connectivity. 


100M  bit/sec 
Ethernet  over  fiber 


BY  THU  GREENE 

hen  Roger  Fahnestock  started 
work  in  2002  as  IT  director  of 
Kane  County,  Ill.,  he  found  a 
mishmash  of  antiquated  voice  and 
data  networks  so  sorely  in  need  of  an 
upgrade  that  almost  any  change 
would  have  been  an  improvement. 

By  embracing  the  idea  of  a  con¬ 
verged  voice-data  network  and  plan¬ 
ning  beyond  today’s  needs,  in  just 
three  years  the  county  has  not  only 
eliminated  inadequate  systems,  but 
also  has  saved  money  and  set  itself  up 
for  future  growth. 

A  100M  bit/sec  Ethernet  metropoli¬ 
tan-area  network  and  VoIP  have  com¬ 
bined  to  make  applications  more  reli¬ 
able  and  improve  services  by  making 
sure  that  callers  seeking  help  will 
reach  the  people  they  need. 

When  Fahnestock  arrived,  the 
phone  system  was  a  smorgasbord. 
“We  had  different  PBX  types  from  AT&T 
Partners  to  Merlin  Systems,”  he  says.“We 
had  a  David  system;  we  had  a  Nortel 
Meridian.  We  had  lots  of  Centrex-man- 


aged  lines  from  SBC  —  some  2,200 
phone  numbers  at  a  cost  of  about 
$685,000  per  year.  All  of  it  was  mix  and 
match  and  not  connected  to  the  other 


phone  systems.”  Some  calls  within 
county  offices  were  billed  as  local  long¬ 
distance. 

The  county  had  about  1,600  phones 


with  only  600  Centigram  voice  mail¬ 
boxes  running  on  a  BSD  Unix  box. 
“They  were  running  an  enterprise  voice 

See  Kane,  page  24 


Short  Takes 


ForcelO  bulks  up 
1 0G  Ethernet  gear 


■  Artlba  last  week  rolled  out  wireless 
hardware  and  software  that  aims  to 
improve  mobility  and  security  for  remote 
workers.  The  AP-41  and  AP-65  access 
points  are  designed  to  give  traveling 
workers  Internet  and  remote  office  con¬ 
nectivity.  The  AP-41,  which  costs  $195, 
creates  a  connection  between  a  remote 
location  and  the  company  network  and 
VoIP  services.  The  pocket-sized  AP-65, 
which  costs  $495,  fashions  a  secure 
wireless  hot  spot.  Once  the  access 
points  are  plugged  into  an  Internet  con¬ 
nection,  they  create  a  secure  IPSec  tun¬ 
nel  to  an  Aruba  controller  in  the  data 
center.  They  download  policies  and  con¬ 
figurations  from  the  controllers  to  en¬ 
sure  wireless  security.  Aruba  also  has 
updated  its  mobility  software  to  include 
secure  site-to-siteVPN  connections.  The 


feature  lets  remote  and  branch-office 
users  be  continuously  connected  to 
headquarters  via  secure  VPN  tunnels. 

■  F5  is  integrating  its  Big  IP  SSL  termi¬ 
nation/load-balancing  box  with  its  Fire¬ 
box  SSL  VPN  gear  so  the  Big  IP  device 
can  terminate  SSL  connections.  This 
capability  makes  it  possible  to  link  an  infi¬ 
nite  number  of  Fireboxes  to  create  SSL 
VPNs.  The  Big  IP  box  fronts  the  Fireboxes 
and  parcels  out  connection  requests 
among  them.  The  company  also  is  up¬ 
grading  its  Firebox  software  so  it  can 
redirect  remote  computers  to  remediation 
sites  when  scans  of  the  machines  show 
they  don't  comply  with  VPN  security  poli¬ 
cies.  These  software  upgrades  ship  with 
new  gear  and  are  available  to  current  cus¬ 
tomers  with  service  contracts. 


BY  PHIL  HOCHMUTH 

ForcelO  this  week  is  expected  to 
announce  line  cards  that  pack  up  to  16 
ports  of  10G  Ethernet  into  a  single  chassis 
slot  on  its  flagship  El 200  series  switches. 

The  Ethernet  switch  maker  says  the  card 
can  be  used  to  build  a  backbone  switch 
capable  of  handling  a  maximum  of  224 
10G  Ethernet  links,  aimed  at  the  band- 
width-intensive  data  centers  such  as  large 
corporations  and  service  providers. 
ForcelO  says  the  blades  take  advantage  of 
its  380G  bit/sec  of  bandwidth  per  slot  in 
the  E  series  switches,  allowing  each  port 
to  blast  packets  at  full  throttle  without 
blocking  other  traffic  on  the  module  or 
backplane. 


The  blades,  which  also  come  in  an 
eight-port  10G  Ethernet  version,  are  a  leap 
from  the  vendors  previous  four-port  10G 
Ethernet  modules.  They  are  currently  the 
highest-density  10G  blades  announced. 
(Foundry  is  second  with  an  eight-port 
10G  blade.) 

In  September  2004,  ForcelO  updated  its 
E  series  switches  with  new  switch  fabrics 
that  included  5T  bit/sec  of  total  switching 
capacity  and  380G  bit/sec  of  bandwidth 
between  each  slot  and  the  switch’s  back¬ 
plane. 

The  vendor  says  this  per-slot  capacity 
allows  the  box  to  handle  the  new  16-port 
10G  Ethernet  modules  —  with  a  potential 

See  ForcelO,  page  24 


GE  ROOM  TRANSFORMED  INTO  PEDIATRIC  CLINIC.  Bumrungrad  Hospital,  Southeast 
Asia’s  largest  healthcare  facility,  created  a  kid-friendly  pediatric  clinic  out  of  a  10,000-square-foot 
medical  records  unit.  How?  An  ultra-scalable,  4-way  Intel  Xeon  processor-based  system 
improved  data  reliability  and  made  records  paperless.  Read  more  about  Bumrungrad  Hospital’s 
experience  with  Intel  built  in  at  intel.com/builtin. 
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Alert  Logic  takes  aim  at  security  threats 


Profile:  Alert  Logic 


Location: 

Houston 

Founded: 

2002  by  Misha  Govshteyn,  CEO  and  Matthew  Harkrider,  director  of  operations 

Employees: 

26 

Eaindinrt* 

ruiiumg. 

$2.3  million  from  DFJ  Mercury,  OCA  Ventures,  Access  Venture  Partners 

Product^ervioe: 

Appliance-based  monitoring  and  threat  containment  service,  Invision  Security 

Fun  fact: 

The  two  founders  formulated  their  approach  to  managed  security  services  while  working 
for  Reliant  Energy  Communications,  the  Houston-based  telecom  network  services  firm 
operated  by  the  power  utility. 

ELLEN  MESSMER 

Start-up  Alert  Logic  this  week  makes  its 
debut  with  a  security  service  based  on  its 
security  appliance,  which  is  installed  at 
LAN  segments  within  a  corporate  network 
and  can  help  customers  monitor  for  and 
set  up  automated  responses  to  security 
threats. 

Alert  Logic’s  Invision  Security  service 
provides  intrusion  detection,  network  dis¬ 
covery,  vulnerability  assessment  and  a  way 
to  automate  response  to  events  such  as  a 
computer  worm  by  shutting  down  switch 
or  firewall  ports.  The  port-blocking  meth¬ 
ods  used  by  the  security  appliance  are 
similar  to  services  offered  by  Mirage 
Networks  and  Cisco  MARS  equipment. 

Customers  can  get  a  Web-based  view 
into  the  status  of  their  network  after  secu¬ 
rity-related  data  generated  by  the  appli¬ 
ance  is  processed  in  Alert  Logic’s  center  in 
Houston.  Alert  Logic  also  can  provide 
round-the-clock  monitoring  with  its  own 
security  staff  on  an  outsourced  basis  to 
customers. 


Allied  Home  Mortgage  Capital  Corp.,the 
Houston-based  mortgage  provider  with 
700  offices,  has  been  an  early  adopter  of 
Alert  Logic’s  Invision  Security  service  for 
more  than  a  year,  relying  on  it  for  monitor¬ 
ing  LAN  segments. 

“We  have  millions  of  customer  files  on 
our  network,”  says  David  Langston,  CIO  at 
the  mortgage  firm.  “We  have  public  cus¬ 
tomers  and  internal  users,  and  anybody 
could  be  a  source  of  an  attack.” 

Langston  says  Alert  Logic’s  service  has 
been  reliable  and  reports  virtually  no  false 
positives  via  the  sensors.This  reliability  has 
encouraged  him  to  explore  automating 
some  event  response,  such  as  allowing 
Invision  to  shut  down  LAN  ports  during  a 
detected  worm  outbreak. 

This  automated  response  is  still  in  the 
testing  phase. 

The  Invision  appliance  isn’t  in-line 
equipment  but  works  like  a  traditional 
intrusion-detection  system  by  mirroring 
traffic  to  analyze  it,  based  on  a  threat-mod¬ 
eling,  ranking  and  remediation  model 


developed  at  Alert  Logic,  says  Misha 
Govshteyn,  co-founder  and  CEO  of  the 
company 

Govshteyn  and  Matthew  Harkrider,  di¬ 
rector  of  operations,  founded  the  compa¬ 
ny  in  2002  after  working  together  at 
Houston-based  Reliant  Energy  Communi¬ 
cations,  the  energy  company’s  arm  for 
providing  Web-hosting  and  telecom  ser¬ 
vices  to  businesses. 

At  Reliant,  Govshteyn,  then  director  of 
managed  services,  and  Harkrider,  the  unit’s 


senior  project  manager,  gained  experience 
in  learning  about  security  requirements 
corporate  customers  had  in  monitoring 
their  networks  against  attack.  Three  years 
ago,  the  two  established  their  own  brand 
of  managed  security  services,  picking  up 
venture-capital  backing  (see  graphic). 

The  Invision  Security  service,  which 
includes  the  appliance,  starts  at  $350  per 
month,  with  monitoring  via  the  Active- 
Watch  service  starting  at  an  additional  $275 
per  month.  ■ 


Kane 
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mail  off  a  little  cloned  desktop  in  the  cor¬ 
ner.  It’s  almost  comical,”  Fahnestock  says. 
The  phones  that  had  mailboxes  didn’t 
have  indicator  lights  to  signal  when  they 
had  voice  mail. 

With  a  Cisco  Call  Manager  VoIP  system, 
everyone  has  voice  mail,  there  are  no 
charges  to  transfer  to  other  county  exten¬ 
sions,  hunt  groups  can  be  rapidly 
realigned  to  address  high  call  rates  near 
elections  and  tax  time,  and  uptime  has 
improved,  he  says.  And  annual  operating 
costs  for  the  phone  system  have  dropped 
to  about  $400,000. 

On  the  data  side,  when  Fahnestock  first 
saw  the  network,  it  relied  on  an  IBM 
System  390  mainframe  that  hadn’t  been  IP 
enabled  and  a  mix  of  3Com  and  IBM 
token-ring  gear  serving  1,500  employees 
in  20  buildings  spread  out  over  four  cities. 

The  WAN  infrastructure  consisted  ofT-ls 
that  frequently  failed  and  frame  relay  con¬ 
nections.  Application  development  for  the 
mainframe  was  stagnant. 

“Coming  here  was  like  a  flashback.  I 
worked  in  a  college  in  1996  and  we  were 
migrating  them  off  token  ring  to  a 
switched  network,”  he  says.  “I  come  here, 
and  it’s  2002,  and  they’re  still  on  token 
ring.” 

The  county  was  paying  $250,000  per 
year  for  a  maintenance  and  support 
license  for  the  mainframe,  but  no  new 
programming.  Replacing  the  primary 
mainframe  tax  client/server  package  cost 
an  average  of  $150,000  per  year  spread 


over  five  years. 

Departments  had  started  implementing 
their  own  client/server  applications,  and 
Fahnestock  has  moved  to  standardize  and 
centralize  them. 

“We  had  one  of  everything  here  — 
Novell  3. 12, 4, 4. 1,4. 11,  one  Novell  5  serv- 
eif  Fahnestock  says.  “We  had  an  NT  3.51 
box  when  I  got  here.  I  couldn’t  believe  it. 
We  had  Windows  2000,  some  Red  Hat 
Linux.  We  had  IBM  AS/400s.You  can  imag¬ 
ine  the  complexity  of  supporting  that 
environment.” 

The  county  moved  to  two  server  plat¬ 
forms,  about  60  Windows  2000  servers  and 
five  AS/400s,  with  the  intent  of  upgrading 
to  Windows  Server  2003  next  year. 
Fahnestock  also  is  moving  to  consolidate 
all  file  services  to  a  Network  Appliance 
storage-area  network.  He  standardized  the 
1,200  county  desktops  on  Windows  2000 
and  XP  running  on  Dell  hardware  that  is 
in  a  three-year  replacement  cycle. 

These  changes  called  for  fundamental 
upgrades.  The  first  major  project  was  a 
$  1.5-million  upgrade  of  network  cabling 
from  Category  3  to  Category  6e  because 
the  long-term  goal  is  to  run  Gigabit 
Ethernet  to  the  desktop.  “I  don’t  want  to 
have  to  replace  the  cabling  for  10  years,” 
he  says. 

On  the  wide-area  network  side,  the 
county  opted  to  use  dark  fiber  from  the 
cities  of  Elgin  and  Aurora  to  connect  most 
of  the  county  buildings  on  a  single-mode 
optical  loop  lit  up  by  15  Cisco  Catalyst 
3550  12G  and  two  3550  12T  switches.“It’s  a 
really  flat  network,"  he  says. 

Via  a  deal  with  Comcast,  the  county 


pays  $2,700  per  month  for  a  100M  bit/sec 
connection  to  the  state-run  Illinois  Cen¬ 
tury  Network,  which  links  the  county  to 
the  Internet.The  county  chose  this  option 
rather  than  paying  $1,600  for  dual  T-l 
Internet  links  —  about  one-thirtieth  the 
bandwidth  of  the  Comcast/Illinois  Cen¬ 
tury  connection.  It  can  now  supply 
school  districts  with  Internet  services. 

When  it  came  time  to  pick  a  vendor  for 
the  network  gear,  Cisco  had  a  huge  leg  up 
because  the  county  could  tap  into  a  state 
buying  program  that  offers  a  42.5%  dis¬ 
count.  Fahnestock’s  experience  with  the 
vendor,  staff  knowledge  of  Cisco  technol¬ 
ogy  and  the  availability  of  good  technical 
support  in  the  area  combined  to  make 
Cisco  the  choice  over  Dell  and  HR  he 
says. 

The  clincher  was  that  Cisco  has  its  own 
VoIP  products.  Fahnestock  says  he  was 
concerned  that  using  separate  vendors 


ForcelO 
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total  throughput  of  320G  bit/sec  with  ports 
operating  in  full  duplex  —  with  room  to 
spare. 

For  smaller  deployments,  ForcelO  also  is 
launching  an  eight-port  10G  Ethernet 
module.  This  blade  is  targeted  at  its  E300 
series  chassis. 

Both  blades  use  the  10  Gigabit  Ethernet 
Small  Form  Factor  (XFP)  port  standard  for 
optical  components.  The  16-port  blade 
costs  $57,500  and  the  eight-port  module 
costs  $37,500.  Both  products  are  sched- 


would  lead  to  finger-pointing  if  problems 
arose  with  the  phones. 

In  picking  the  switches,  Fahnestock 
sought  easy  management,  so  he  chose 
what  he  calls  commodity  switches  — 
those  that  are  relatively  flexible  and  simi¬ 
lar  to  each  other.  “We  treat  them  like  pen¬ 
cils.  You  break  one,  you  replace  it,”  he  says. 
He  chose  Catalyst  3524s,  3550s  and  3750s 
in  a  very  flat  architecture. 

“I  don’t  have  these  big  core  switches  sit¬ 
ting  around  handling  hundreds  of  users, 
and  I  don’t  need  a  high-end  engineer  to 
replace  one,”  he  says. 

As  a  result,  the  cost  for  supporting  the 
roughly  140  switches  is  low  because  most 
of  the  work  can  be  done  by  his  staff,  he 
says. 

The  county  has  dropped  its  monthly  IT 
consulting  bill  from  $130,000  to  $10,000 
by  training  and  using  the  26  IT  staff  mem¬ 
bers  to  tackle  most  network  issues.  ■ 


uled  to  be  available  on  Dec.  15. 

As  for  something  to  plug  into  a  10G 
Ethernet  switch,  IBM  and  10G  network 
interface  card  (NIC)  maker  Neterion  are 
expected  to  announce  a  deal  in  which 
IBM  will  sell  Intel-based  xSeries  servers 
with  integrated  Neterion  XFrame  II  10G 
network  adapters. 

The  IBM  servers  —  running  Windows  or 
Linux  —  and  Neterion  NICs  use  the  PCI-X 
2.0  bus  standard  for  connecting  I/O  cards 
to  the  system’s  bus,  allowing  for  a  full  10G 
bit/sec  throughput.  Pricing  and  availabili¬ 
ty  on  the  xSeries  servers  with  10G  NICs 
were  not  released.* 
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a  cost-effective  and  productivity  increasing  solution 

•  Provides  continuous  updates  to  threat  signatures  to 
protect  the  network  against  new  threats 
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mobility  and  productivity  of  your  staff 

•  Offers  complete  network  security  with  one 
activation  key 
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•  Receives  up-to-the-minute  information  about  the 
latest  Internet  security  risks 

•  Includes  1  year  of  SonicWALL  Gateway  Antivirus/ 
Anti-Spyware/Intrusion  Prevention  Service 
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WIRELESS 

CONVERGENCE 


Cellular,  WLAN  convergence  finds  rough  spots 


Convergence  challenges 

According  to  Gartner,  the  requirement  for  new  handsets,  new  Wi-Fi  infrastructure 
and  a  complex  management  system  will  make  converged  Wi-Fi/cellular  voice 
primarily  hype  until  at  least  2009.  But  the  consultancy  says  there  are  other 
challenges: 

•  Todays  implementations  of  802.11b  Wi-Fi  were  not  designed  for  voice,  so  802.11a  is  better  for  capacity. 

•  Fast  roaming,  QoS  and  power-management  limitations  make  it  difficult  for  reliable  voice  delivery. 

•  Very  few  organizations  have  in-building  Wi-Fi  coverage  that  includes  stairwells,  bathrooms,  storage  areas 
and  other  secluded  locations,  which  was  not  required  for  the  initial  Wi-Fi  rollout. 

•  Through  2008,  the  cost  of  a  wireless  LAN  implementation  supporting  voice  will  be  four  times  more  than  the 
cost  of  one  supporting  only  data. 

•  There  are  significant  challenges  on  the  cellular  side.  Handoff  and  billing  are  complex,  and  there  is  no  financial 
incentive  for  wireless  providers  to  offer  these  capabilities.  The  users  goal  is  to  not  pay  for  in-building  wireless 
usage,  that  is,  to  move  it  to  the  Wi-Fi  network. 


BY  JOHN  COX 

hile  testing  a  project  designed 
to  let  handheld  users  go  be¬ 
tween  wireless  LANs  and  cellu¬ 
lar  networks,  Pradip  Patel  made 
a  call  and  walked  into  a  stairwell  of  a 
classroom  building  on  the  University  of 
Michigan’s  Ann  Arbor  campus  and  was 
immediately  thwarted. 

His  first  frustration  was  that  the  IP  voice 
call  he  was  making  over  the  school’s 
802.11b  WLAN  stopped,  because  the 
WLAN  access  points  weren’t  set  up  to 
cover  such  marginal  areas.  That’s  not  a 
problem  for  data  users  but  it  is  for  voice 
calls,  as  Patel  discovered. 

The  second  frustration  for  Patel,  an  engi¬ 
neer  with  the  school’s  IT  Central  Services 
group,  was  that  the  HP  iPAQ  6315  he  was 
using  to  make  the  call  didn’t  automatical¬ 
ly  switch  over  to  a  designated  cellular  car¬ 
rier  as  it  was  supposed  to.  He  had  to  input 
the  number  again,  using  the  iPAQ’s 
GSM/GPILS  modem  to  link  with  the  carri¬ 
er  network. 

Welcome  to  the  seamless  world  of  con¬ 
verged  WLANs  (often  dubbed  Wi-Fi)  and 
cellular  networks.  Convergence  has  been 
talked  about  for  more  than  a  year,  but  the 
first  dual-mode  handhelds,  combining  a 
WLAN  adapter  and  a  cellular  interface, 
emerged  in  late  2004.  Today,  there  is  a 
handful  of  products  from  companies  such 
as  HPNokia  and  Motorola,  with  more  due 
later  this  year. 

The  idea  is  to  give  users  one  handheld 
device  that  makes  use  of  whichever  wire¬ 
less  connection  is  available.  The  device 
could  support  voice  or  data  over  IP-based 
WLANs.  Outside  the  range  of  those  LANs  it 
could  use  the  more  pervasive,  and  much 
more  costly,  cell  networks.  But  to  switch 
between  the  two  disparate  networks  is  not 
a  simple  matter. 

The  University  of  Michigan  is  one  of  three 
schools,  along  with  Northwestern  Univer¬ 
sity  and  Texas  A&M  University  that  has  start¬ 
ed  small  trials  with  a  gateway  from  VeriSign, 
the  network  operator  that  handles  roaming 
and  clearing  among  mobile  network  pro¬ 
viders.  VeriSign’s  Wireless  IP  Connect  Ser¬ 
vice  acts  as  a  translator  between  the 
school’s  IP  network  and  the  carrier’s  com¬ 
plex  cellular  network. 

At  the  Ann  Arbor  campus,  three  users 
carry  iPAQ  PDAs,  each  of  which  has  a 
WLAN  radio,  a  GSM/GPFTS  radio,  a  Blue¬ 
tooth  radio  and  software  from  VeriSign. 
Users  can  take  and  make  VoIP  calls  when  in 


range  of  any  campus  access  point,  or  be 
switched  to  a  cellular  connection  when 
outside  the  WLAN. The  VeriSign  client  code 
lets  cellular  devices  register  as  IP  devices 
through  the  WLAN,  and  sets  up  a  VPN  con¬ 
nection,  for  security  to  the  operator’s  data 
center. 

The  iPAQ  users  have  full  access  to  PBX 
features  such  as  five-digit  calling  on  cam¬ 
pus  and  call  management.They  also  have 
access  to  carrier  data  services  such  as 
Short  Message  Service,  ring  tones,  content 
offerings  and  voice  mail. 

The  wireless  future? 

For  Andrew  Palms,  the  university’s  direc¬ 
tor  of  communications  systems,  the  Veri¬ 
Sign  trial  is  a  starting  point  to  explore  the 
future  of  campus  communications. The  uni¬ 
versity  has  35,000  traditional  phone  lines 
and  about  1,500  VoIP  lines.  “Currently  VoIP 
doesn’t  buy  us  much,”  he  says.“But  it  could 
buy  us  a  lot  if  we  could  include  mobilityThe 
idea  is  transitioning  our  traditional  phone 
service  to  a  mobile  VoIP  service.” 

What  he  envisions  is  letting  students  and 
faculty  choose  whatever  handheld  device 
they  want,  and  then  provisioning  that 
device  with  voice,  data  and  video  services 
from  the  university’s  network  infrastruc¬ 
ture  so  campus  users  can  communicate. 

He’s  not  alone.  A  recent  survey  by  Sage 
Research  asked  166  IT  respondents  to  rate 
their  interest  in  being  able  to  blend  VoIP 
on  internal  WLANs  with  a  mobile  carrier’s 
network.  About  57%  indicated  some  level 
of  interest,  with  about  17%  being  extreme 
ly  interested. 

In  June,  Alexander  Resources,  a  consult¬ 
ing  company  specializing  in  wireless,  esti¬ 
mated  that  convergence  of  Wi-Fi  and  cel¬ 
lular  networks  will  generate  $1.6  billion  in 
new  revenues  for  carriers  by  2010,  an  indi¬ 
cation  of  the  willingness  of  users  to  pay 
considerable  money  for  such  a  service. 

Problems  in  spanning  networks 

But  the  University  of  Michigan  trial 
already  shows  how  hard  it  will  be  to  real¬ 
ize  Palms’  vision.  The  problem  lies  not  in 
the  gateway  functions,  but  in  being  able  to 
span  voice  and  data  services  over  two 
very  different  networks. 

“On  the  physical  [network]  level,  it’s 
actually  quite  easyf  says  Tom  Kershaw, 
VeriSign’s  vice  president  of  marketing. 
“We’re  emulating  the  mobile  net  on  the  IP 
side.  The  complexity  is  in  making  the  two 
nets  look  the  same  to  the  subscriber? 


Different  tariff  plans  are  an  example.  A 
student  might  have  a  flat  rate  for  VoIP  calls 
via  the  WLAN.  But  when  he’s  seamlessly 
handed  off  to  a  cell  network,  the  carrier 
charges  by  the  minute.“You  might  need  to 
somehow  alert  the  subscribers  to  that 
change,  and  ask  them  ‘do  you  want  to  pay 
this  difference?’”  Kershaw  says. 

Dialing  plans  are  different,  Michigan’s 
Patel  says.  “On  campus,  you  enter  an 
access  code  and  then  have  five-digit  dial¬ 
ing  to  reach  someone,”  he  says.“But  in  the 
cellular  net,  these  plans  don’t  work.  So 
how  do  we  resolve  that?” 

Another  issue  for  the  university  is 
improving  WLAN  coverage  to  eliminate 
dead  spots,  such  as  the  stairwell  that  frus¬ 
trated  Patel.  Enterprise  WLANs  will  have  to 
be  pervasive  to  support  mobile  VoIP 

Handset  trade-ofFs 

Today’s  small  crop  of  dual-mode  devices 
forces  a  number  of  trade-offs  on  users. 
Until  recently,  most  devices  have  been 
PDA-types,  larger  and  heavier  and  more 
expensive  than  most  voice  cell  phones. 
Newer  devices  such  as  Motorola’s  recent¬ 
ly  released  CN620  handset  are  more 
“phone-like.”  But  the  CN620  and  Motor¬ 
ola’s  SIP  proxy  server  are  part  of  a  system 
jointly  developed  by  Motorola,  Avaya  and 
Proxim.  Avaya  contributes  the  VoIP  soft¬ 
ware  and  network  hardware;  Proxim  has 
tuned  its  WLAN  access  points  for  voice 
traffic. 

Nokia  in  June  said  it  also  was  partnering 
with  Avaya,  in  this  case  to  create  a  dual¬ 
mode  handset  that  would  run  a  custom- 
built  Avaya  application  enabling  the 
handset  to  make  and  take  calls  over 


WLANs  or  cellular  networks,  via  the  serv¬ 
er-based  Avaya  Communication  Manager. 
The  software  will  have  an  easy-to-use 
menu-driven  user  interface,  so  that  cellu¬ 
lar  handset  users  can  easily  access  a  wide 
range  of  IP  telephony  features,  such  as 
four-digit  dialing  to  a  co-worker’s  exten¬ 
sion  and  call  transfers,  says  Fritz  Ollom,  a 
senior  marketing  manager  with  Avaya. 

Hungry  for  power 

Battery  demand  is  a  key  issue,  says  Patel, 
who  is  managing  the  VeriSign  trial  on-cam¬ 
pus.  “If  I  use  just  basic  phone  service,  that 
will  be  OK  for  a  da/  he  says.  “But  if  I  start 
browsing  [the  Web] ,  I  use  up  more  battery 
life.”  The  WLAN  adapter  is  always  active, 
while  the  cellular  link  is  activated  only 
when  needed,  he  says.  The  drain  increases 
when  other  services,  such  as  GPS,  are  used. 
Patel  says  an  eight-hour  battery  life  for  a 
dual-mode  device,  being  used  for  both 
voice  and  data,  is  probably  a  requirement. 

That  kind  of  battery  life  is  found  in  the  lat¬ 
est  dual-mode  devices,  in  large  part  be¬ 
cause  of  advances  by  radio  chip  makers, 
says  Frank  Hanzlik,  managing  director  for 
the  Wi-Fi  Alliance,  a  vendor  group  that  tests 
and  certifies  interoperability  of  WLAN  prod¬ 
ucts.  About  a  year  ago,  the  Alliance  formed 
a  group  to  focus  on  testing  for  dual-mode 
devices.  So  far,  about  20  devices  have  been 
tested,  though  most  of  them  will  be 
released  later  in  2005  or  early  in  2006. ■ 


|  Read  about  the  latest  news  revolving 
around  the  proposed  802.1  In.  See  page 
48. 


We  deliver  something  for  your 
network  you  thought  was  lost  forever. 
Control. 

it's  time  for  you  to  take  back  your 
network.  And  the  3Com®TippingPointM 

security  solution  is  the  way  to  do  it. 
But  don't  take  our  word  for  it.  Take 

the  word  of  SC  Magazine.  They  awarded 

us  Best  Security  Solution  2005. 

And  if  you  think  they've  got  good 
things  to  say,  go  to  our  website  and 
hear  from  our  customers. 


. 
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.Vry?<> 


•SC  Magazine  awarded  TippingPoint  Intrusion  Prevention  System,  formerly  known  as  UnityOne™,  Best  Security  Solution  for  2005 
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Today,  Bob  rebooted  servers  in  San  Diego, 
fixed  a  network  in  Albuquerque  and  watched 
his  son  earn  bragging  rights  in  Dallas. 


With  Avocent  data  center  management  solutions,  the  world  can  finally  revolve  around  you.  Avocent  puts 

secure  access  and  control  right  at  your  fingertips  -  from  multi-platform  servers  to  network  routers,  remote  data 
centers  to  field  offices.  You  can  manage  everything  from  a  single  screen,  from  virtually  anywhere.  This  means  you  can 
troubleshoot,  reboot  or  upgrade  your  data  center  devices  -  just  as  if  you  were  sitting  in  front  of  them.  Avocent 
simplifies  your  workday.  What  you  do  with  the  extra  time  is  up  to  you. 


For  one-stop  information  on  improving  data  center  practices,  visit 
http://infrastructure.techweb.com 


Avocenh 

The  Power  of  Being  There® 


Avocent,  the  Avocent  logo,  The  Power  of  Being  There  and  DSView  are  registered  trademarks  of  Avocent  Corporation.  All  other  trademarks  or  company 
names  are  trademarks  or  registered  trademarks  of  their  respective  companies. 


MORE  BUSINESS 
CONFIDENCE. 


With  ProCurve  Networking  by  HP,  you  choose  from  a  comprehensive  set  of  security  solutions — 
each  designed  to  help  protect  your  growing  company.  You  get  exclusive  products  like  ProCurve 
Secure  Router,  Virus  Throttle,  Identity  Driven  Management  and  Access  Controller  Module. 

And  unlike  most  other  providers,  ProCurve  ensures  critical  network  security  at  the  edge  where 
users  connect  as  well  as  at  the  vulnerable  core.  Edge-to-edge  security  means  less  downtime, 
more  uptime.  ProCurve  means  more  security,  more  affordably. 


Find  out  more  about  ProCurve  Networking.  Call  800-975-7684  Ref  Code  54  or 
download  informative  reports  complete  with  case  studies  and  cost-of-ownership 
analysis  at  www.hp.com/learn/procurve4. 


ProCurve  Networking 


HP  Innovation 
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Securing  the  network  at 
the  edge  keeps  business 
out  of  harm’s  way 


It  was  the  CFO 


who  posed  the  “show- 


stopper”  question  at  a  recent  executive  committee  meeting: 
“With  all  the  resources  and  attention  businesses  are  expending 
on  security,  why  are  we  still  besieged  with  continuous  threats 
from  viruses,  worms,  and  hackers?” 

He  wasn’t  overstating  the  problem.  Today  an  estimated 
100,000  viruses,  worms,  and  Trojan  horses  pose  direct  threats 
to  network  computer  users.  The  cost  of  system  downtime 
stemming  from  attacks  can  often  be  measured  in  thousands 
of  dollars  per  minute,  and  the  theft  of  sensitive  data  carries 
tremendous  potential  liability.  So  it’s  no  wonder  security 
remains  a  top  priority  for  business  and  technology  managers 
alike. 

The  truth  is  that  current  methods  and  strategies  for  secur¬ 
ing  corporate  networks  often  fall  short.  Many  companies  use 
virus  signature  scanning  techniques,  but  these  technologies 
alone  are  not  sufficient  since  they  do  not  detect  new  forms  of 
viruses  and  they  depend  on  human  response.  Once  in  the  net¬ 
work,  a  virus  propagates  at  machine  speed,  which  is  orders  of 
magnitude  faster  than  the  “human-speed”  responses  to  them. 


WHAT  USERS  WANT 

Clearly,  businesses  need  a  complete  solution  that  truly  delivers 
security  without  compromise  to  protect  networks  and  the  mission- 
critical  data  that  runs  over  them.  A  checklist  of  the  features  of 
such  a  solution  should  include: 

/  Simplicity  for  administrators  and  transparency  for  users 
✓  Ease  of  deployment  and  flexibility 
/  Security  built-in  and  integrated  with  the  hardware, 
not  bolted  on 

/  Security  at  the  critical  network  edge  where  users  connect 
This  is  exactly  what  users  get,  and  a  lot  more,  with 
Hewlett-Packard’s  ProCurve  Networking  solutions,  engineered  to 
move  vital  network  access  decisions  to  the  network  edge  while 
freeing  essential  network  resources  to  enable  the  high-band- 
width  connections  they  are  supposed  to  provide.  By  concentrat¬ 


ProCurve  Networking 


HP  Innovation 


ing  security  at  the  edge,  HP  ProCurve  further  enables  support 
for  vital  network  convergence  and  burgeoning  mobile  strategies. 
The  result  is  a  solution  without  tradeoffs  between  ease  of  use 
and  performance  versus  capability.  ProCurve  Networking  offers 
security  without  compromise. 

A  key  and  unique  element  of  the  ProCurve  solution  is  virus¬ 
throttling  functionality  built  directly  into  ProCurve  switches.  This 
highly  effective  bulwark  against  viruses  provides  detection  at 
the  network  edge  based  on  traffic  behavior,  not  virus  signature 
analysis.  The  bandwidth  on  the  port  where  the  attack  is 
detected  can  be  throttled  back  or  the  port  traffic  can  be  com¬ 
pletely  contained.  This  functionality  gives  the  IT  staff  the  time 
it  needs  to  first  isolate  and  then  eliminate  viruses  and  worms 
before  they  cause  system-crashing  damage. 

THE  ULTIMATE  IN 
NETWORK  SECURITY 

Unlike  other  virus  detection  technologies,  the  virus-throttling  fea¬ 
ture  does  not  need  preknowledge  of  specific  worms  and  viruses  to 
do  its  job  because  virus  throttling  is  behavior-based.  ProCurve 
switches  with  virus  throttling  can  throttle  or  rate-limit  routed 
traffic,  or  completely  block  traffic  from  a  suspect  client. 

Not  all  virus  attacks  come  from  external  sources  outside  of 
a  network.  It  is  increasingly  important  to  protect  access  to  the 
internal  network  behind  the  firewall  to  prevent  virus  attacks 
and  threats  to  critical  systems.  Using  ProCurve  solutions,  users 
effectively  move  security  to  the  network  edge,  where  trouble 
can  be  resolved  before  any  damage  is  done  to  business-critical 
data.  ProCurve’s  value  proposition  delivers  intelligent  security 
with  ease  of  use,  without  sacrificing  performance. 

The  bottom  line  is  that  with  its  many  unique,  powerful,  and 
adaptable  features,  HP  ProCurve  Networking  delivers  on  the 
core  and  essential  value  propositions  of  high  network  availabili¬ 
ty,  efficiency,  security,  ease  of  use,  and  open-standards-based 
interoperability.  For  more  information,  go  to 
www.hp.com/learn/procurve. 
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ENTERPRISE  COMPUTING 

■  WINDOWS  ■  LINUX  ■  UNIX  ■  SERVERS  ■STORAGE  @  GRID/UTILITY  ■  MOBILE  COMPUTING 


Short  Takes 


■  Avocent  last  week  announced 
the  AutoView  2020  and  2030  key¬ 
board,  video  and  mouse  switches 
for  data  centers  supporting  mixed 
environments  of  as  many  as  16 
servers.  Among  a  number  of  fea¬ 
tures,  the  switches  have  the  ability 
to  transfer  to  servers  the  data 
stored  on  USB  media  devices, 
such  as  CDs,  and  external  drives. 
Prices  of  the  2020  and  2030  start 
at  about  $1,300  and  $1,500, 
respectively. 

■  The  latest  addition  to  Symbol 
Technologies’  MC3000  line  of 
mobile  computers  is  a  pistol-grip 
model,  running  Windows  CE  5.0. 
The  MC3090G  is  aimed  at  retail, 
transportation,  logistics  and  gov¬ 
ernment  applications  that  require 
lots  of  bar-code  scanning  to 
acquire  data  in  real  time.  As  with 
Symbol’s  other  3000  models,  the 
3090G  has  a  built-in  laser  scanner. 
In  some  configurations,  the  scan¬ 
ner  can  rotate  to  three  positions 
(left,  right,  forward)  for  user  con¬ 
venience.  It’s  also  the  first  model 
to  include  a  single  wireless  LAN 
radio  chipset  that  can  work  with 
802.11b,  11g  or  11a  access  points. 
Previously,  the  line  supported 
802.1 1  b/g.  The  device  costs  $1,215 
to  $2,435,  depending  on  options, 
and  is  scheduled  to  ship  by  mid- 
November. 

■  Virtual  Iron  Software  this 

week  is  expected  to  update  its  vir¬ 
tualization  and  management  tools 
to  include  support  for  Opteron- 
based  servers,  as  well  as  IBM 
BladeCenter  systems.  The  compa¬ 
ny  launched  earlier  this  year  with 
software  that  enables  end  users 
not  only  to  slice  up  single  physical 
machines,  but  also  to  aggregate 
multiple  servers  into  a  single  sym¬ 
metric  multiprocessing  system. 
Initially,  the  software  ran  only  on 
Intel  Xeon-based  servers.  Virtual 
Iron's  platform  is  priced  per  CPU 
bundle,  typically  32,  64  or  128.  The 
average  price  per  CPU  is  less  than 
$1,000. 


Red  Hat  CTO  peers  into  future 


!  Stevens,  formerly  Red  Hat’s  vice  president  of  oper¬ 
ating  system,  storage  and  clustering  development,  has 
been  named  the  Linux  company’s  CTO  and  is  leading  its 
newly  formed  Emerging  Technologies  Group.  He  spoke 
recently  with  Network  World  Senior  Editor  Jennifer  Mears 
about  where  Red  Hat  is  heading.  What  follows  is  an  edit¬ 
ed  transcript  of  their  discussion.  A  fuller  version  is  online, 
at  www.networkworld.com,  DocFinder:  9533. 

The  CTO  spot  had  been  vacant  for  several  years.  Why  fill  it  now? 

We  were  very  much  driven  around  product  line.  Now,  with 
the  CTO  post,  we’ve  built  an  emerging-technologies  team,  and 
that  team’s  charter  is  to  set  a  vision  that’s  not  just  a  year 
ahead,  which  is  typical  of  the 
product-line  group,  but  three  to 
five  years  ahead. 

So  looking  three  to  five  years  ahead, 
where  is  the  focus? 

Operational  scalability  and  per¬ 
formance.  Instead  of  coming  in 
and  looking  at  what  products 
Red  Hat  can  deliver  to  an  IT 
shop,  what  we’re  looking  at  now 
is  what  should  the  overall  open 
source  architecture  be.  It’s  a 

much  broader  view  than  just  which  products  we  can  make 
money  on.  In  terms  of  building  an  operational  architecture, 
things  like  Netscape  Directory  are  part  of  it,  but  now  it’s 
broadened  into  things  like  virtualization,  Stateless  Linux  and 
capabilities  that  we  just  didn’t  have  before. 


Speaking  of  moving  up  the  stack,  where  is  Red  Hat  going  in  applica¬ 
tion  servers? 

We’re  trying  to  figure  out  what  the  application  server  envi¬ 
ronment  of  the  future  will  be.  One  of  the  things  that’s  becom¬ 
ing  interesting  is  what’s  happening  around  PHP  [Hypertext 
Preprocessor] ,  for  example.  PHP  is  emerging  as  an  all-new 
application  environment  that’s  becoming  very  robust  very 
quickly. 

SuSE  Linux  now  has  ID  management,  network  management  collabo¬ 
ration  and  other  pieces  integrated  into  its  platform,  thanks  to  its 
acquisition  by  Novell.  Are  you  moving  in  that  direction  with  your 
version  of  Linux? 

We  collaborate  any  time  we  feel  that  it’s  a  product  that 

^Instead  of  coming  in  and  looking 
at  what  products  Red  Hat  can  deliv¬ 
er  to  an  IT  shop,  what  we’re  looking 
at  now  is  what  should  the  overall 
open  source  architecture  be.w 

Brian  Stevens,  Red  Hat  CTO 


needs  to  be  on  the  platform.  So  while  we  were  comfortable 
partnering  with  Netscape  and  AOL  in  the  past,  we  acquired 
Netscape  and  its  directory  and  security  products  when  we 
realized  that  we  needed  to  integrate  [that  technology]  much 
deeper  into  the  operating  system. 


What's  Red  Hat's  server  virtualization  strategy  here? 

We  expect  to  deliver  virtualization  capability  coincident 
with  our  next  major  release  of  Linux,  which  is  planned  for 
the  later  half  of  next  year.  We’re  looking  at  how  a  virtualized 
environment  changes  the  rest  of  the  IT  architecture  in  terms 
of  what  new  management  capabilities  you  need,  how  securi¬ 
ty  changes,  how  you  build  a  highly  available  infrastructure, 
how  all  the  other  aspects  such  as  provisioning  and  licensing 
change.  We  figure  out  whom  we  need  to  partner  with,  where 
M&A  is  needed,  what  we  need  to  build. 


Where  else  are  you  going  to  need  deeper  integration? 

Virtualization  is  the  biggest,  the  most  obvious. We’re 
absolutely  integrating  virtualization  into  the  operating  sys¬ 
tem.  With  the  legacy  virtualization  products,  the  operating  sys¬ 
tem  has  no  awareness  that  they’re  sitting  on  top  of  them.  By 
integrating  virtualization  inside  the  operating  system,  where 
the  operating  system  knows  it’s  being  virtualized,  you  can 
build  a  much  more  robust  solution.That’s  similar  to  what 
we’re  doing  with  security  and  SE  Linux. We’re  doing  that 
around  directory  and  certificate  management.  And  we’re 
doing  that  around  a  new  project  called  Stateless  Linux. 


So  where  do  you  see  Red  Hat  building,  and  where  do  you  see  it 
partnering? 

We  look  at  potential  acquisition  every  time  we’re  going  to 
build  something.  We  partner  in  areas  that  we  feel  are  farther 
up  in  the  application  space.  How  you  plug  the  legacy  man¬ 
agement  infrastructure  into  a  virtualized  environment,  that’s 
an  area  where  we’ve  partnered.  We  feel,  for  example,  that  we 
have  to  invest  in  a  new  management  platform  for  a  virtual¬ 
ized  environment,  but  that  will  become  a  platform  that  the 
Tivolis  and  others  will  sit  on. 


What's  Stateless  Linux? 

It’s  an  architectural  concept  whereby  servers  and  desktops 
have  no  state  on  the  system.  So  it  forces  an  environment  of 
operational  scalability  where  you’re  managing  clients  and 
servers  by  managing  the  data  for  those  systems  that  are  living 
on  the  network.The  benefit  is  not  just  management  scale,  but 
as  systems  come  and  go,  servers  can  fail,  and  it  becomes  a 
non-event.  A  new  server  can  take  over  the  persona  of  a  failed 
server  in  seconds  because  the  server’s  state  is  on  the  network. 
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Is  Novell  sale  for  real  this  time? 


Dave  Kearns 


Over  the  10  years  I’ve  penned 
this  column,  I’ve  written,  more 
than  once,  about  rumors  that 
Novell  was  about  to  be  acquired. 
For  the  most  part,  I  offered  reasons 
that  the  rumor  wouldn’t  become 
true.  This  time  I’m  not  ready  to 
quash  the  rumors. 

After  the  company  announced 
extremely  disappointing  third- 
quarter  financials  last  month,  a 
major  Novell  stockholder  (Blum 
Capital  Partners)  went  public 
with  recommendations  of 


changes  that  it  thought  were  nec¬ 
essary  for  the  fiscal  health  of  the 
network  company  Among  the 
recommendations  were  that 
Novell  divest  or  spin  off  its  con¬ 
sulting  services  and  major  prod¬ 
uct  lines,  such  as  GroupWise,  and 
that  it  pare  down  the  engineering 
population  at  the  Provo  campus 
by  400  or  so  people. 

Rumors  over  the  past  two  weeks 
(which  may  be  formally  con¬ 
firmed  by  the  time  you  read  this) 
call  for  the  company  to  lay  off 
20%  of  its  workforce  —  more  than 
1,000  people.  Reading  between 
the  lines,  that  appears  to  be  the 
400  in  Provo  plus  the  consultants 
plus  a  few  sales  offices  plus  one 
or  two  product  lines  —  such  as 
the  entire  Extend  (formerly  Silver- 


Stream)  line  acquired  a  few  years 
ago,  before  Novell  embraced 
open  source  in  all  of  its  forms. 

If  that  is  all  that  happens,  then 
perhaps  the  company  is  trying  to 
streamline  for  the  future.  But  if 
other  divestiture  recommenda¬ 
tions  that  Blum  Capital  made  are 
implemented  —  if  GroupWise 
and/or  ZENworks  are  set  adrift  — 
then  the  writing  will  be  on  the 
wall  that  the  company  is  being 
right-sized  for  acquisition. 

Remember  that  Novell  chair¬ 
man  and  CEO  Jack  Messman 
“right-sized”  Cambridge  Technolo¬ 
gy  Partners  before  it  merged  with 
Novell.  Messman  took  over  the 
merged  company  because  the 
board  of  directors  thought  that 
previous  CEO  Eric  Schmidt  (you 


know,  the  guy  who’s  made  billions 
of  dollars  for  Google)  had  let  it 
drift. Messman’s  Novell  hasn’t  drift¬ 
ed  —  it’s  plummeted  like  a  rock. 
Stockholders  and  directors  really 
don’t  like  it  when  that  happens. 

But  don’t  expect  Messman  to  be 
replaced  (unless  it’s  on  an  “inter¬ 
im”  basis  while  a  merger  deal  is 
worked  out),  because  it’s  too  late 
for  a  different  vision  to  right  the 
fortunes  of  the  company  without 
the  synergies  (and  additional 
funds)  that  a  merger  would  bring. 

So  who  will  the  winning  suitor 
be?  IBM,  perennially  rumored  as  a 
suitor,  are  still  prominently  men¬ 
tioned,  as  are  SAP  and  Microsoft. 
But  I’m  putting  my  money  on 
Silicon  Valley  pirate  Larry  Ellison 
and  Oracle.  Stay  tuned. 


Kearns,  a  former  network 
administrator,  is  a  freelance  writer 
and  consultant  in  Silicon  Valley. 
He  can  be  reached  at 
wired@vquill.  com. 


IBM  taps  VMware,  Citrix  to  create  blade  PCs 

Effort  goes  beyond  traditional  thin-client  computing. 


BY  JENNIFER  MEARS 

After  spending  the  past  few  years  on 
the  sidelines,  IBM  has  finally  jumped 
headlong  into  the  blade  PC  market, 
announcing  partnerships  with  Citrix 
and  EMC’s  VMware  subsidiary  to  pro¬ 
vide  customers  with  the  means  to  man¬ 
age  desktop  PCs  from  a  secure,  central¬ 
ized  location. 

With  its  Virtualized  Hosted  Client 
Infrastructure,  IBM  joins  ClearCube  and 
HP  in  the  market  that  goes  beyond  tradi¬ 
tional  thin-client  computing  by  moving 
the  guts  of  a  PC  to  blade  servers  hosted 
in  a  data  center  or  computer  room,  pro¬ 
viding  what  proponents  say  is  better  PC 
security  and  easier  manageability 

Users  have  only  a  monitor,  keyboard 
and  mouse  —  and  a  specialized  client 
device  in  the  case  of  ClearCube  and  HP 
—  on  their  desks  to  link  back  to  the 
blade  servers,  where  the  intelligence  of 
their  systems  resides.  IBM  executives  say 
the  company’s  new  hosted-PC  offering, 
which  will  be  available  through  IBM  Global  Services,  will 
link  to  any  client  device  over  Ethernet  using  standard  pro¬ 
tocols. 

IBM  also  is  enabling  end  users  to  tap  into  virtual  PCs, 
rather  than  requiring  each  client  link  to  a  single,  physical 
server,  as  is  the  case  with  ClearCube  and  HP 

“Typically,  if  you’ve  got  a  single  blade  for  a  single  desk¬ 
top,  those  servers  are  going  to  be  down  two-thirds  of  the 
day  after  people  head  home  —  and  that  represents  a 
pretty  significant  infrastructure  investment,”  says 
Charles  King,  principal  analyst  at  Pund-IT  Research. 
“IBM  is  making  the  pitch  that  if  you  can  support  the 
same  number  of  desktops  with  one-eighth  the  number 
of  servers, you’re  going  to  end  up  with  much  higher  uti¬ 


lization  of  your  IT  infrastructure.” 

Change  of  heart 

IBM  hasn’t  been  hot  on  the  PC  market, 
selling  its  PC  business  to  Lenovo  last 
year.  When  it  came  to  blade  PCs,  IBM 
was  lukewarm,  choosing  to  be  a  partner 
with  market  leader  ClearCube. 

But  now  IBM  sees  opportunity.  By 
becoming  a  partner  with  VMware  and 
Citrix,  IBM  is  rolling  out  a  blade  PC  of 
its  own  that  enables  users  to  run  multi¬ 
ple  virtual  PCs  on  a  single  blade. 

“It  can  range  depending  on  workload 
and  utilization,  but  some  of  the  pilots 
we’re  engaged  in  have  an  average  uti¬ 
lization  of  12  to  15  virtual  machines  [per 
blade],”  says  Juhi  Jotwani,  director  of 
xSeries  and  BladeCenter  solutions  at 
IBM. 

With  IBM’s  BladeCenter  able  to  hold  as 
many  as  14  blades,  users  could  pack 
more  than  200  clients  into  a  single  chas¬ 
sis,  cutting  costs  by  as  much  as  60%  and 
seeing  a  return  on  investment  in  as  few  as  six  months,  IBM 
executives  say 

VMware’s  ESX  Server  software  enables  users  to  slice 
each  physical  blade  server  into  multiple  virtual  PCs  run¬ 
ning  different  operating  systems.  The  Citrix  Presentation 
Server  provides  the  ability  for  remote  users  to  tap  into 
fully  functional  PCs  including  print  capabilities  and  USB 
drive  support. 

Analysts  say  IBM  offers  an  interesting  alternative  to  Clear¬ 
Cube  and  HP’s  Consolidated  Client  Infrastructure  because 
of  virtualization. 

In  addition,  because  the  offering  is  hosted,  remote  and 
mobile  users  can  tap  into  the  blade  PCs,  reducing  the  cost 
and  time  associated  with  supporting  them. 


Storage  going  open  source 

IBM,  eight  others  to  form  consortium 

IBM  last  week  said  it  is  teaming  with  eight  other 
storage  vendors  to  form  an  open  source  organiza¬ 
tion  called  Aperi.The  companies  intend  to  work 
together  to  develop  common  storage  software  to 
manage  the  systems  of  a  variety  of  vendors. 

The  software  will  be  made  available  free  of  charge, 
according  to  IBM. 

The  vendors  will  contribute  code  to  the  Aperi  effort, 
with  IBM  making  the  first  donation  of  some  of  its 
storage  infrastructure-management  technology, 
according  to  a  release  from  the  company. 

The  group  will  be  managed  by  an  independent,  non¬ 
profit  organization  with  a  multivendor  board  of  direc¬ 
tors.  Aperi  will  be  modeled  after  the  Eclipse  consor¬ 
tium  set  up  by  IBM  in  conjunction  with  other  vendors 
to  handle  open  source  projects  to  create  develop¬ 
ment  tools  and  frameworks  for  building  software. 
Eclipse  was  spun  out  from  IBM  in  early  2004.  Aperi 
comes  from  the  Latin  word  meaning  to  open. 

IBM's  partners  in  Aperi  are  Brocade  Communica¬ 
tions,  Cisco,  Computer  Associates,  Engenio  Informa¬ 
tion  Technologies,  Fujitsu,  McData,  Network  Ap¬ 
pliance  and  Sun. 

—  CHINA  MARTENS,  IDG  NEWS  SERVICE 


IBM’s  Virtual  Hosted  Client  Infrastructure,  which  will  run 
on  two-processor  Xeon-  and  Opteron-based  blades,  is 
available  for  pilot  deployments  through  IBM  Global 
Services  and  will  be  generally  available  in  the  first  quarter 
next  year,  Jotwani  says.  Pricing  was  not  released.  ■ 


Blade  by  blade 

IBM  hopes  its  new  blade 
PC  offering  will  help  it 
maintain  its  lead  in  the 
blade  server  market,  which 

grew  to  $440  million  in 

the  second  quarter,  up  88% 
compared  with  the  same 
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»  Tired  of  cal  s  th  t  so  nd  like  th  s?  Want  cost  benefits  of  voice  over  If?  but  sick  of  delay  and 
dropped  data?  Try  Secure  and  Assured  VoIP,  only  from  Juniper  Networks.  Juniper  ensures  voice 
receives  higher  priority  and  bandwidth,  for  highest-quality  performance.  And  our  application-aware 
platforms  stop  hackers,  DoS  attacks  -  all  network  threats.  Expect  more  from  your  VoIP  Juniper 
your  net  and  get  unequalled  interoperability,  with  unrivaled  performance  and  security: 
http://www.juniper.net/solutions/voice/ 


888-JUNIPER  (1-888-586-4737) 


Citrix  NetScaler 

makes  any  application 


15  times  faster 


for  anyone,  anywhere. 


Every  day,  leading  Global  2000  enterprises,  including 
the  five  largest  e-businesses  in  the  world,  rely  on 
Citrix®  NetScaler®  solutions  to  dramatically  accelerate 
application  performance.  All  without  adding  servers, 
bandwidth,  or  consultants.  Perhaps  that’s  why 
Citrix  NetScaler  application  delivery  systems  are 
rated  #1  in  customer  satisfaction  among  Layer 
4-7  networking  vendors.  See  what  Citrix  NetScaler 
can  do  for  you  at  www.citrix.com/netscaler 


Hx 


©  2005  Citrix  Systems,  Inc.  All  rights  reserved.  Citrix  and  NetScaler  are  trademarks  of  Citrix  Systems,  Inc.,  and/or  one  or  more  of  its  subsidiaries,  and  may  be  registered  in  the  U.S.  Patent  and  Trademark  Office  and  in  other  countries. 
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Sierra  Club  grows  open  source  application 


Great  Outdoors 

The  Sierra  Club  turned  to  open  source  consulting  firm  Exadel  to  help  put 
together  an  open  source  application  that  simplifies  online  trip  reservations: 
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User  Sybase  EAServer  on  Sybase  ASE  database  on 

Dell  PowerEdge  1650  Dell  PowerEdge  4400 

D  An  end  user  comes  to  the  Sierra  Club  Web  site  and  navigates  to  the  Get  Outdoors  trips  page. 

B  The  end  user  inputs  search  criteria  and  the  Sybase  EAServer  queries  the  Sybase  Adaptive  Server  Enterprise 
(ASE)  database  using  Hibernate  to  determine  what  trips  are  available. 

B  The  end  user  chooses  a  trip  and  then  inputs  Sierra  Club  member  number  and  ZIP  code,  prompting  the 
database  to  serve  up  relevant  personal  information  already  stored  there. 

O  The  end  user  can  add  additional  tripgoers,  inputting  appropriate  member  numbers  and  ZIP  codes,  which 
are  sent  to  the  database  via  Hibernate  to  determine  which  tripgoers  belong  to  which  member  households. 

B  The  end  user  confirms  the  trip  with  payment  information  and  a  confirmation  e-mail  is  sent. 


Start-tip  takes  aim  at 
online  prevention 


BY  JENNIFER  MEARS 

est  known  for  its  grassroots  environ¬ 
mental  protection  activities,  the 
Sierra  Club  also  helps  thousands  of 
members  get  outdoors  each  year  with 
trips  that  span  the  globe.  Sierra  Club  has 
offered  these  worldwide  adventures  for 
more  than  a  century,  but  in  recent  years  its 
IT  team  has  focused  on  streamlining  the 
trip-reservation  process  by  enabling  mem- 


Short  Takes 


■  MySQL  last  week  released  the  pro¬ 
duction  version  of  its  open  source 
database  upgrade,  MySQL  5,0.  The 
new  release  adds  several  features 
that  have  long  been  standard  in  data¬ 
bases  from  MySQL's  bigger  rivals, 
including  triggers,  views  and  stored 
procedures.  The  company  is  billing  the 
upgrade  as  its  biggest  ever.  The  com¬ 
pany  offers  two  types  of  licenses: 
Customers  can  download  the  soft¬ 
ware  for  free  under  the  open  source 
General  Public  License,  or  pay  for  a 
commercial  license.  The  second 
option  is  mostly  for  third-party  ven¬ 
dors  that  want  to  resell  MySQL  with 
their  products.  MySQL  also  offers 
support  services  called  the  MySQL 
Network,  which  starts  at  $293  per 
server.  The  database  upgrade  is  avail¬ 
able  now  for  Linux,  Windows,  Solaris, 
Mac  OS  X,  FreeBSD,  HP-UX,  IBM 
AIX  5L  and  other  operating  systems. 

■  EMC  unit  VMware  last  week 
released  the  free  VMware  Player, 
which  lets  users  run  and  evaluate 
software  in  a  virtual  machine  running 
on  either  Linux  or  Windows.  VMware 
Player  installs  as  a  standard  desktop 
application  and  runs  32-  or  64-bit  vir¬ 
tual  machines  in  a  separate  window. 
The  VMware  Player  is  available  as  a 
beta  download  at  www.network 
world.com,  DocFinder:  9535. 


bers  to  sign  up  online. 

With  the  club’s  database  growing  to 
more  than  3  million  members  and  interest 
in  its  outings  on  the  rise,  the  reservation 
process  was  becoming  increasingly  com¬ 
plex.  The  Sierra  Club  estimates  that  about 
70%  of  the  4,000  members  who  go  on  club 
outings  each  year  sign  up  online.  The  pro¬ 
gram  brings  in  some  $5  million  annually, 
so  an  efficient,  easy-to-use  online  reserva¬ 
tion  process  was  key,  says  Mark  Maslow, 
who  heads  up  a  five-developer  team  as 
lead  programmer  analyst  at  the  Sierra 
Club  in  San  Francisco. 

About  two  years  ago,  Maslow  and  his 
team  began  looking  for  ways  to  enhance 
the  reservation  application  without  com¬ 
plicating  the  process  for  end  users.  What 
they  settled  on  was  a  Java-based  applica¬ 
tion  development  project  rooted  in  open 
source  products:  the  Jakarta  Struts  Web 
application  framework,  Hibernate  object/ 
relational  mapping  software  for  database 
information  storage  and  retrieval,  the 
Eclipse  development  environment  and 
the  Tomcat  Web  server. 

Maslow  needed  to  tightly  link  the  appli¬ 
cation  with  the  organization’s  Sybase 
Adaptive  Server  Enterprise  (ASE)  data¬ 
base.  The  architecture  includes  a  Sybase 
EAServer  application  server  running  on  a 
Dell  PowerEdge  1650  that  connects  via  a 
Gigabit  Ethernet  LAN  to  the  database, 
which  runs  on  a  Dell  PowerEdge  4400  (see 
graphic). 

The  Sierra  Club  development  team  had 
used  Sybase  database  tools  in  the  past. 
“We  still  use  Sybase  tools  for  a  lot  of 
things.  But  for  the  Web  application,  it  was 
not  flexible  enough  for  our  particular 
needs,”  Maslow  says.  “We  needed  some¬ 
thing  that  was  powerful  and  also  some¬ 
thing  that  we  could  get  into  and  do  our 
own  customization  the  way  we  wanted  to. 
...  We  didn’t  want  to  be  limited  by  the 
tools.” 

System  complexities 

One  of  the  main  complexities  of  the  new 
system  is  its  ability  to  handle  reservations 
under  a  single  household  or  membership 
number,  a  feature  that  requires  a  tight  link 

See  Sierra  Club,  page  36 


BY  ANN  BEDNARZ 

Business  Signatures  last  week  unveiled 
software  aimed  at  helping  financial  insti¬ 
tutions  curb  online  fraud. 

Fraud  Prevention  Solution  works  to  spot 
fraudulent  intent  and  prevent  the  perpe¬ 
trators  from  executing  bad  financial  trans¬ 
actions.  It’s  designed  for  banking,  broker¬ 
age  and  investment  management  firms 
that  do  business  online. 

Fraud  is  a  huge  problem  for  financial 
institutions,  says  Karen  Massey,  a  senior 
research  analyst  at  Financial  Insights,  an 
IDC  company  “Our  estimates  are  that  in 
2005,  fraud  losses  for  banks  in  the  United 
States  alone  will  hit  $12  billion  to  $15  bil¬ 
lion.  As  fraud  solutions  get  smart,  fraud¬ 
sters  get  smarter.” 

Business  Signatures’  technology  looks  at 
how  visitors  are  using  a  Web  site  and 


attempts  to  spot  fraudulent  intent  based 
on  their  access,  navigational  and  behav¬ 
ioral  patterns.  For  example,  a  Web  visitor 
who  logs  into  an  account,  immediately 
changes  the  password  and  then  attempts 
to  transfer  all  funds  might  fit  the  profile  of 
an  account  hijacking,  says  Peter  Relan, 
chairman  and  CEO  of  Business  Signatures. 

The  software  can  halt  suspicious  trans¬ 
actions  in  real  time  or  require  additional 
authentication  to  validate  the  customer’s 
identity,  he  says. 

Relan  launched  Business  Signatures  in 
July  with  Sunil  Bhargava  and  Joyo  Wijaya; 
the  three  partners  had  spent  time  at 
Oracle  and  online  grocer  Webvan  Group 
before  joining  forces  in  2001  to  build  the 
company’s  core  event-processing  technol¬ 
ogy  called  Intent  Processor. 

See  Fraud,  page  36 
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•Based  on  the  SPECint_RATE200Q  benchmark  test  performed  by  Dell  Labs  in  February  and  July  2005  comparing  a  Dell  PowerEdga  2850  configures}  with  two  3.SCGHz  w/2MB 
single-core  Intel  Xeon  Processors,  8GB  DDR-2  memory,  1x36GB  SCSI  HDD,  Windows  Server  2053  Standard  with  the  same  system  configured  with  two  2.80GHz  w/2MB 
Dual-Core  Intel  Xeon  Processors.  Actual  performance  will  vary  based  on  configuration,  usage  and  manufacturing  variability.  Results  cars  be  found  at  http^/www.specors, 

Dell  car.nct  be  responsible  for  errors  in  typography  or  photography.  Dell,  the  Dell  logo  and  PowerEdge  are  trademarks  of  Dell  Inc.  Intel,  Intel  Inside,  the  Intel  Inside  logo,  and 
Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©  2005  Dell  Inc.  All  rights  reserved. 
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PERFORMANCE. 

HASSLE-FREE 

MULTI-CORE 

SERVERS. 


THE  DELL™  POWEREDGE™  1850, 
2800, 2850,  AND  THE  1855  BLADE 
SERVERS  FEATURE  DUAL-CORE 
INTEL®  XEON™  PROCESSORS  FOR 
OUTSTANDING  PERFORMANCE. 


DELL'S  EASY  TO  DEPLOY 

MULTI-CORE  TECHNOLOGY. 

Get  up  to  a  53%  gain  in  performance*with 
Dual-Core  Intel®  Xeon™  Processors  in  Dell™ 
PowerEdge™  Servers.  Working  with  your 
existing  Intel®  Xeon™ architecture  greatly 
reduces  the  number  of  system  images 
for  easier  deployment  and  management. 
It's  the  right  technology  at  the  right  time. 
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Family  jewels  to  go 


NET  INSIDER 
Scott  Bradner 


The  other  day  I  went  to  a  talk  by 
Simson  Garfinkel,  a  Harvard  post¬ 
doctorate  research  fellow  and  an 
instructor  at  the  Harvard 
Extension  School.  He  talked 
about  using  “patterns”  to  under¬ 
stand  complex  problems  and 
ensuring  that  the  solutions  to  the 
problems  actually  matched  the 
problems.  The  talk  used  the  real- 
world  problem  of  residual  data 
left  on  recycled  disks  to  show 
how  the  concept  of  patterns 
could  be  used.  Garfinkel’s  presen¬ 
tation  (www.networkworld.com, 


DocFinder  9527)  was  quite  scary 
for  a  security  geek  like  me.  1  had 
been  generally  aware  that  far  too 
many  disks  that  government  agen¬ 
cies,  enterprises  and  individuals 
sell  or  trade  in  when  upgrading 
their  systems  still  contain  valuable 
information,  but  I  did  not  know 
the  extent  of  the  problem. 

For  one  part  of  his  Ph.D.  thesis 
(DocFinder:  9534),  Garfinkel 
bought  more  than  230  used  disk 
drives  from  eBay  and  other  sellers 
of  recycled  disk  drives.  He  then 
ran  disk  analysis  tools  that  he  had 
developed  on  these  drives  to  see 
if  he  could  find  anything  useful. 
He  did.  In  Chapter  3  of  his  thesis, 
he  details  what  he  found,  and  it 
included  thousands  of  credit  card 
numbers,  detailed  financial  and 
medical  records,  corporate  trade 
secrets  and  other  highly  personal 
information.  He  found  residual 


information  on  a  majority  of  the 
used  drives. 

Garfinkel  also  referred  to  news 
accounts  of  others  finding  data 
such  as  ex-Beatle  Paul 
McCartney’s  banking  details  and 
pharmacy  records  for  thousands 
of  patients  who  filled  their  pre¬ 
scriptions  at  an  Arizona  super- 
market.Yup,  the  problem  is  real. 

Now  the  question  is:  Have  you  or 
your  company  contributed  to  this 
problem? 

It  would  seem  to  be  a  no-brainer 
to  at  least  erase  disks  that  might 
contain  confidential  information. 
So  why  is  the  problem  so  wide¬ 
spread? 

Garfinkel  contacted  as  many  of 
the  drive  owners  as  he  could 
and  discovered  two  reasons  why 
so  many  drives  still  contained 
data.  First,  some  people  did  not 
think  of  the  issue  when  they  dis¬ 


posed  of  the  drives  (what 
Garfinkel  calls  the  “education 
problem”).  Second,  many  appli¬ 
cations  lie  when  they  tell  the 
user  that  their  data  is  being 
removed  (Garfinkel  calls  this  the 
“usability  problem”). 

The  education  problem  can  be 
addressed  by  teaching  users  that 
residual  data  can  be  a  big  prob¬ 
lem  or  by  developing  and  man¬ 
dating  computer-system  decom¬ 
missioning  organizations  or 
processes  that  take  the  guesswork 
out  of  disk  recycling. 

The  usability  problem  is  harder. 
That’s  because  it  is  generally  not 
possible  to  be  sure  that  an  appli¬ 
cation  is  actually  removing  data 
from  a  disk  when  you  delete  a  file 
or  reformat  the  disk,  without 
knowing  more  about  the  applica¬ 
tion  than  most  users  can  find  out. 
For  example,  the  common 


Microsoft  utilities  for  both  of  these 
functions  actually  just  free  up  disk 
space  without  overwriting  the 
unused  disk  space  to  ensure  the 
data  is  erased.  There  are  devices 
and  software  tools  that  do  the 
right  thing  and  should  be  used. 
Note  that  U.S.  law  requires  actual 
data  erasure  when  credit  report 
data  is  involved  (DocFinder: 
9528). 

Don’t  be  a  data  spreader.  Erase 
data  before  you  sell  that  drive  or 
take  out  the  frustrations  of  the  job 
with  a  hammer. 

Disclaimer:  Job  frustrations?  At 
Harvard?  Say  it’s  not  so.  Anyway 
the  above  seminar  report  is  my 
own. 

Bradner  is  a  consultant  with 
Harvard  University's  University 
Information  System.  He  can  be 
reached  at  sob@sobco.com. 


Sierra  Club 

continued  from  page  33 

with  the  database.  With  the  old  system,  the 
Sierra  Club  had  to  contact  trip  participants 
by  telephone  to  determine  to  which  house¬ 
hold  they  belonged. 

“The  necessity  for  contacting  partici¬ 
pants  is  much  less  with  [Hibernate]  and 
the  new  system,  plus  it  is  much  easier  to 
enforce  the  membership  rule  for  all  par¬ 
ticipants,”  Maslow  says.The  challenge  was 
to  capture  the  additional  information 
about  households  and  memberships 
while  still  keeping  the  system  relatively 
simple  to  use.” 

With  open  source,  Maslow  found  the  bal¬ 
ance  he  was  looking  for:  power,  flexibility 
and  simplicity 

“We  didn’t  want  to  be  tied  into  a  particu¬ 
lar  methodology  he  says.  “The  most  attrac¬ 
tive  thing  about  open  source  is  that  the 
good  ones  play  together.  You’ve  got  your 
choice  of  whatever  database  connection 
mechanism,  whatever  database  access 
mechanism  and  whatever  Web  framework. 
And  all  of  these  things  play  together. ...  A 
key  benefit  is  the  ability  to  really  tailor  the 
application.” 

While  many  IT  managers  might  think  cost 
savings  when  they  think  open  source, 
Maslow  says  cost  wasn’t  the  driving  factor. 
In  fact,  training  and  consulting  demands 
likely  offset  any  savings  in  the  software,  he 
says. 

“The  driving  consideration  was  being 
able  to  have  the  most  appropriate  solution 
tailored  specifically  to  what  we  needed, 
and  to  do  that  on  every  level  of  the  appli¬ 
cation,”  he  says. 

But  Maslow  cautions  that  open  source 


development  can  be  tough.  He  began  his 
project  a  little  more  than  a  year  ago,  settling 
on  Struts  and  Hibernate  as  the  foundation 
for  the  application.  But  bringing  in  the  open 
source  tools  was  a  little  more  challenging 
than  he  had  banked  on,  he  says. 

Looking  for  help 

“I  realized  pretty  quickly  that  I  needed 
some  help,”  Maslow  says.  “There  are  other 
programmers  here,  but  I’m  the  only  person 
doing  Java  and  Web  applications.  It  was  a 
lot  to  pick  up  on  my  own.” 

So  he  brought  in  Exadel,  which  became 
an  extension  of  his  development  team. 
Maslow  uses  Exadel’s  consulting  services 


Fraud 

continued  from  page  33 

Intent  Processor  attempts  to  discern  what 
customers  are  trying  to  do  in  the  moment, 
rather  than  analyze  aggregate  customer 
behavior  after  the  fact.  The  software  aggre¬ 
gates  data  from  a  variety  of  internal  and 
external  sources,  including  Web  sessions, 
application  logs  and  SNMP  feeds  from  data¬ 
bases  and  security  devices.  It  converts  the 
data  streams  into  discrete  steps  of  an  online 
business  process,  such  as  “login”  or  “set  up 
funds  transfer? 

The  technology  combines  Web  analytics 
features  that  are  typical  of  products  from 
vendors  such  as  WebTrends  and 
WebSideStory  with  business  activity  moni¬ 
toring  features  of  software  from  such  ven¬ 
dors  as  Celequest,  Metastorm,  Oracle  and 
Tibco  Software. 

What  differs  is  that  Business  Signatures’ 
software  characterizes  and  draws  conclu- 


and  Exadel  Studio  Pro,  a  Web  application 
development  environment  built  on  Eclipse. 

“It  was  very  helpful  in  organizing  the  pro¬ 
ject,”  says  Maslow,  who  began  the  project 
with  Exadel  late  last  year  and  had  the  sys¬ 
tem  up  and  running  in  January  a  three- 
month  turnaround.“As  a  beginner,  a  little  bit 
of  prompting  [from  Exadel  Studio]  to  put 
the  right  parameters  in  the  right  places  was 
a  big  help.” 

“The  application  is  fully  meeting  all  of 
our  expectations,  but  I  wasn’t  at  all  sure 
how  1  was  going  to  do  that  before  bringing 
in  Exadel,”  he  says. “Certainly  I  could  have 
gotten  to  the  same  place,  but  it  would 
have  taken  me  a  lot  longer  to  get  there, 


Fraud  losses  pile  up 

Financial  institutions  lost 

$52.6  billion 

to  fraud  in  2004,  according  to  Javelin 
Strategy  &  Research. 


sions  about  user  behavior  right  away 
instead  of  storing  transaction  information 
and  then  doing  an  analysis  later. 

The  offering  includes  e-Fraud  Signature,  a 
library  of  customizable  templates  that  rec¬ 
ognize  patterns  of  online  behavior  that 
deviate  from  normal  user  activity 

Conceptually,  the  approach  makes  sense, 
Massey  says.  The  financial  industry  is 
attempting  to  be  more  proactive  in  fighting 
fraud,  but  to  date  most  traditional  products 
don’t  catch  fraud  until  it’s  too  late. 
“Depending  on  how  the  system  is  pro¬ 
grammed,  it  will  send  up  a  red  flag.  But  it’s 


that’s  for  sure.” 

Maslow  was  so  happy  with  the  results  of 
the  reservation  system  that  he’s  now  using 
Exadel  to  help  him  develop  another  open 
source  application  for  the  Sierra  Club’s 
nearly  three-dozen  field  offices  to  use  in 
organizing  political  activities. 

Although  the  reservation  system  was 
developed  on  Tomcat,  it  is  being  run  on 
Sybase  EAServer  for  production.  Maslow 
says  he  expects  to  run  the  new  internal 
application  entirely  on  Tomcat. 

As  for  the  database,  Maslow  says  he’s 
happy  with  the  Sybase  database  he’s  run¬ 
ning  and  has  no  plans  to  switch  to  open 
source  there.B 


usually  after  the  transaction  has  been  done, 
so  it’s  a  matter  of  managing  the  customer 
after  the  fact,”  she  says. 

Fraud  Prevention  Solution  and  the  e- 
Fraud  Signature  library  are  scheduled  to  be 
available  in  mid-November. Pricing  is“in  the 
six  figures”  for  an  annual  software  license, 
and  companies  also  pay  an  annual  fee  for 
each  account  protected,  Relan  says. 

The  first  product  Business  Signatures 
built  atop  its  Intent  Processor  engine  is 
Customer  Impact  Management,  which  is 
designed  to  help  users  manage  infrastruc¬ 
ture  resources  by  correlating  system 
events  with  customer-facing  business 
processes. 

Next  from  the  vendor  is  a  product  aimed 
to  help  companies  bolster  profits  by 
encouraging  online  behaviors  that  increase 
sales  and  decrease  shopping  cart  aban¬ 
donment,  for  example.  The  profit  product 
will  be  announced  in  the  first  quarter  of 
next  year,  Relan  says.  ■ 


Mr.  7,000,000  E-mails 
a  Day  Handled  by 
71  Percent 
Fewer  Servers. 


"From  a  manager's  view,  the  fact  that  we  increased 
stability,  improved  operations,  and  reduced  costs 
| while  adding  so  many  users  is  very,  very  good.' 

Yuen  Ho 

v'  l 

Director  of  Corporate  Systems  and  Architecture,  eBay 


Make  a  name  for  yourself  with  Windows  Server  System.  Upgrading  to  Microsoft®  Windows  Server  System™ 
makes  it  possible  for  eBay,  the  leading  online  marketplace,  to  consolidate  its  mail  servers  from  85  down 
to  25,  while  handling  over  seven  million  e-mails  a  day.  Here's  how:  By  deploying  Windows  Server™  2003 
with  Exchange  Server  2003,  eBay  kept  its  growing  global  workforce  connected  while  reducing  the 
number  of  mail  servers  and  sites  to  support,  thereby  cutting  basic  costs  per  mailbox  by  70  percent. 
To  get  the  full  eBay  story  or  find  a  Microsoft  Certified  Partner,  go  to  microsoft.com/wssystem 
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The  point  of  business  is  cost-effectively  connecting  enterprise  resources  to  better  serve  your  customers.  With  a  wholly  owned,  end-to-end 

I  , 

network — backed  by  a  team  of  consultants  working  with  you  to  develop  the  optimal  solution  for  your  environment — Time  Warner  Cable  delivers 
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reliable  business  communications.  Add  to  that,  standard  and  customized  SLAs,  along  with  a  full  suite  of  data,  video,  and  security  solution sP11111111 1,111 
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including  Metro  Ethernet,  Teleworker  Solutions,  Branch  Office  Connectivity — and  you  have  a  scalable  infrastructure  for  sharing  information. 
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reducing  costs  and  realizing  the  value  on  your  IT  investment.  That's  the  point  of  business. 


www.rrbiz.com 
1  -866-689-3678 
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"Highest  Customer  Satisfaction  With  Business  Broadband  Data  Service  Providers" 

J.D.  Power  and  Associates  ,2005  Major  Provider  Business  Telecommunications  Spivii  es  Study  1 
Broadband  Data  segment  includes  services  such  as  DSL,  cable  nTod'oBiJSBN,  T-1,  etll@meta.n4 
videoconferencing  services  Study  conducted  among  5  178  businesses  with  ?  500+  employees  ttrnt 
subscribe  to  major  providers  in  the-  broadband  business  telecommunications  market  www  jdpowet.crtm 
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Cisco  pushing  gear 
for  Ethernet  services 


BY  STEPHEN  LAWSON,  IDG  NEWS  SERVICE 

Cisco  is  getting  ready  to  sell  more  gear  in 
the  burgeoning  market  for  Ethernet  ser¬ 
vices  from  carriers,  as  the  company  last 
week  introduced  new  switches  and  hard¬ 
ware  modules  at  the  Telecom  05  show  in 
Las  Vegas. 

Corporations  are  snapping  up  Ethernet 
services  because  IT  departments  under¬ 
stand  the  technology  from  years  of  experi¬ 
ence  building  and  managing  LANs,  ana¬ 
lysts  say  Extending  it  to  the  WAN  simplifies 
matters  and  lets  them  add  bandwidth  in 
any  increment  they  want  without  in¬ 
stalling  a  new  WAN  router  interface,  says 
Michael  Howard,  a  principal  analyst  at 
Infonetics  Research. 

The  new  Cisco  products  serve  two  main 
purposes:  delivering  Ethernet  packets 
directly  to  offices  and  residences,  and 
aggregating  traffic  from  edge  access 
devices  into  the  carrier’s  network. 

The  Cisco  ME  3400  Series  Ethernet 
Access  Switches  are  24-port  devices 
designed  for  Carrier  Ethernet.  They  are 
designed  to  reside  in  the  basement  of  a 
small  multi-tenant  residential  or  office 


Short  Takes 


■  BellSouth  is  taking  its  wireless 
broadband  beyond  initial  deployments 
and  into  the  storm-ravaged  streets  of 
New  Orleans.  The  carrier  is  offering  a 
pre-WiMAX  wireless  data  service  to 
small  businesses  in  New  Orleans  that 
have  lost  their  telecommunications 
service.  The  service  can  deliver  as 
much  as  1.5M  bit/sec  downstream 
and  costs  $70  per  month.  WiMAX  is 
intended  as  a  metropolitan-scale 
wireless  technology  with  speeds  over 
1M  bit/sec  and  with  a  longer  range 
than  Wi-Fi  wireless  LANs.  The  first 
products  certified  by  the  WiMAX 
Forum  are  expected  to  become  avail¬ 
able  by  year-end.  They  will  be  able  to 
provide  non-line-of-sight  service  to 
stationary  customer  sites;  a  later  ver¬ 
sion  of  WiMAX  is  intended  to  support 
mobile  access. 


building,  or  in  a  facility  that  would  serve 
a  small  neighborhood.  Equipped  with 
10/100M  bit/sec  ports,  the  switches  are 
intended  to  deliver  exponentially  higher 
bandwidth  to  customers  than  typical 
DSL  or  leased  T-l  offerings  bring  today. 
They  feature  two  optical  fiber  uplinks  to 
connect  into  a  carrier  infrastructure, 
such  as  fiber  to  the  premises  or  fiber  to 
the  node,  says  Brendan  Gibbs,  director  of 
product  management  for  Cisco’s  Broad¬ 
band  Edge  &  Midrange  Routing  Business 
Unit. 

Each  port  on  an  ME  3400  is  intended  for 
just  one  subscriber,  and  the  switches  have 
port-level  security,  a  feature  that  prevents 
any  user  from  seeing  packets  intended  for 
users  hooked  up  to  other  ports.  This  is  dif¬ 
ferent  from  the  typical  use  of  an  access 
switch  in  a  company,  where  traffic  among 
members  of  a  workgroup  is  exchanged 
via  the  access  switch,  Gibbs  says. 

Vendors  have  been  trying  to  sell  Ether¬ 
net  gear  to  carriers  for  a  long  time,  but 
only  in  the  past  two  or  three  years  have 
they  come  out  with  products  that  can 
deliver  services  as  steadily  as  service 
providers  need,  analysts  say  Compared 
with  enterprise  LAN  equipment,  carrier 
gear  needs  more  redundancy  and  has  to 
be  able  to  support  specific  service-level 
agreements. 

“Some  people  thought  they  could  just 
take  their  enterprise  switch  and  remarket 
it  as  a  carrier  solution,  and  that  doesn’t 
work,”  says  Ray  Mota.an  analyst  at  Synergy 
Research  Group. 

A  major  step  in  getting  Ethernet  equip¬ 
ment  to  meet  carrier  expectations  was  the 
development  of  specifications  by  the 
Metro  Ethernet  Forum,  a  group  of  service 
providers  and  vendors,  analysts  says.  The 
group  is  now  testing  products  and  certify¬ 
ing  that  key  functions  work  according  to 
its  standards. 

One  of  those  key  functions  is  virtual  pri¬ 
vate  LAN  service  (VPLS),  a  technology 
widely  used  to  emulate  the  guaranteed  per¬ 
formance  that  MPLS  makes  possible  in  the 
core  of  a  carrier  network.  Though  some 
large  corporations  have  been  able  to  set  up 
MPLS, the  Ethernet-based  VPLS  is  much  eas¬ 
ier  to  work  with,  Infonetics’  Howard  says. 

Cisco’s  products  can  support  VPLS,  as  well 
as  other  services,  according  to  Gibbs.  ■ 


A  fond  farewell 
to  Fore  Systems 


EYE  ON  THE  CARRIER 
Johna  Till  Johnson 


Ericsson’s  recent  acquisition  of  Marconi 
for  roughly  $2  billion  strikes  a  bittersweet 
chord. 

In  various  incarnations,  the  British  firm  of 
Marconi  has  been  a  telecom  icon.  The 
company  originally  known  as  the  General 
Electric  Co.,  was  founded  in  1896  and  went 
public  in  1900.  In  1968  it  acquired  the 
Marconi  Wireless  Telegraph  Co.,  founded  in 
the  late  19th  century  by  Guglielmo 
Marconi,  and  which  in  1901  achieved  the 
first  transatlantic  transmission  of  wireless 
telegraphy.  After  many 
twists  and  turns,  the 
combined  company 
was  renamed  Marconi 
Corp.  in  2003. 

The  sale  to  Ericsson  is 
thus  about  more  than  a 
transfer  of  assets.  It’s  also 
a  changing  of  the  guard. 

Ericsson  has  said  pub¬ 
licly  that  it  values  the 
Marconi  brand  at  least  as  much  as  its  tech¬ 
nology  —  which  may  signal  a  lack  of 
enthusiasm  for  continued  development  of 
the  product  line.The  sale  also  illustrates  the 
growing  momentum  behind  wireless  tech¬ 
nologies,  which  is  neatly  ironic:  Marconi, 
founded  as  a  wireless  company  gained 
much  of  its  strength  as  a  provider  of  wired 
switches  and  is  now  acquired  by  another 
wireless  player. 

So  the  acquisition  is  emblematic  at  many 
levels.  But  for  me,  it  signifies  the  bittersweet 
ending  to  another  iconic  tale:  The  story  of 
the  little  network  company  from  nowhere 
that  succeeded  —  against  all  odds. 

Does  anybody  remember  Fore  Systems? 
Back  in  the  early  1990s,  the  company  did 
what  most  pundits  at  the  time  were  saying 
was  impossible:  built  and  sold  working 
ATM  switches.  While  standards  were  still 


When  start-ups 
showcased  press 
releases,  Fore  built 
stuff  that  worked. 


hotly  debated,  and  even  ATM’s  very  feasi¬ 
bility  was  still  in  doubt,  Fore  was  busy 
installing  the  world’s  first  ATM  switches  at  a 
Westinghouse  data  center. 

And  the  company  came  from  virtually 
nowhere:  It  was  started  by  four  PhDs  from 
Carnegie  Mellon, at  the  time  Pennsylvania’s 
best-kept  tech  research  secret,  and  head¬ 
quartered  in  Pittsburgh,  best  known  at  the 
time  for  its  closed  steel  mills. 

I’ll  ’fess  up:  I’ve  always  had  a  soft  spot  for 
Pittsburgh,  and  particularly  for  Pittsburgh 
engineers  (two  of  my  college  boyfriends  fit 
that  unlikely  demographic).  But  there  was 
something  truly  special  about  Fore’s 
accomplishments.  Back  in  an  era  when 
most  start-ups  showcased  slideware  and 
press  releases,  Fore  built  stuff  that  worked. 
Over  the  years,  I’ve  lab-tested  its  gear  many 
times  —  it  was  always  head-and-shoulders 
ahead  of  the  competition  (I  probably  still 
have  some  of  the  test  methodologies  in  my 
fading  notebooks). 

When  the  company 
went  public  in  1994, 
making  instant  million¬ 
aires  out  of  its  founders, 
it  was  a  well-earned  tri¬ 
umph.  And  over  the  suc¬ 
ceeding  decade,  as  ATM 
flourished,  then  slowly 
began  to  give  ground  to 
IP  and  particularly 
MPLS,  Fore  stayed  on  top  technically,  con¬ 
tinuing  to  innovate.  Even  its  1999  sale  to 
Marconi  for  $4.5  billion  was  in  some  sense 
a  validation,  falling  into  the  long  tradition 
of  innovative  technical  acquisitions  (begin¬ 
ning  with  Marconi). 

So  while  everyone  else  is  toasting  the  end 
of  the  Marconi  era,  I’ll  be  raising  a  glass  to 
Fore  Systems,  the  little  network  company 
that  showed  everyone  what  a  few  smart 
Pittsburgh  engineers  can  do. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 
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Suite  tracks  employee  communications 


Enterprise  watchdog 


CTI  Group's  Proteus  Enterprise  suite  gives  companies  a  snapshot 
of  how  employees  are  using  phone,  Internet  and  e-mail  systems. 


Cell  phone 


Proteus  Enterprise 
consolidates  and 
analyzes  usage  data 
from  phone,  Internet 
and  e-mail  systems. 


The  software  collects  and 
analyzes  electronic  copies 
of  employees'  corporate 
cell  phone  records. 


It  generates  cell  phone 
and  e-mail  alerts  to  notify 
business  managers  of 
significant  events,  such 
as  someone  placing  a  911 
emergency  call. 


Reporting  features  highlight 
events  such  as  phone  and 
Internet  abuse  or  customer 
service  problems. 


BY  ANN  BEDNARZ 

With  employees  scattered  across  corpo¬ 
rate,  branch  and  home  offices,  it  can  be 
hard  for  companies  to  keep  tabs  on  indi¬ 
viduals’  communication  expenditures. 

CTI  Group  last  week  unveiled  software 
that  monitors  employee  phone,  e-mail  and 
Internet  use,  and  then  consolidates  the 
data  it  collects  from  distributed  sites. 
Called  Proteus  Enterprise,  the  suite  is 
designed  to  help  companies  see  how 
much  they’re  spending  on  communica¬ 
tions  services,  as  well  as  provide  the  oppor¬ 
tunity  to  divvy  up  communications  costs 
by  office,  department  or  employee,  says 
Adrian  Burt,  senior  vice  president  of  sales 
and  marketing  at  CTI  Group. 

The  software  also  is  a  watchdog  for  moni¬ 
toring  staff  productivity  On  the  phone  front, 
it  can  report  how  many  outgoing  calls  a 
person  makes,  who  is  called  and  how  long 
calls  last.  For  trend  spotting,  Proteus 
Enterprise  can  detail  a  company’s  most-fre¬ 
quent  callers  and  compile  lists  of  calls  that 
were  unanswered  or  abandoned. 

On  the  Web  side,  it  can  identify  which 
sites  employees  visit  and  highlight  non- 
work-related  sites.  The  software  tracks  the 
size  and  timing  of  e-mails  employees  send 
and  receive  —  for  work  and  personal  use. 

Companies  don’t  have  to  look  far  for  jus¬ 
tification  of  such  tools.  Research  released 
this  summer  from  America  Online  and 
Salarycom  suggests  employees  waste 
about  two  hours  every  workday  The  top 


time-wasting  activity  cited  by  44.7%  of 
respondents  was  personal  Internet  use. 

“The  amount  of  abuse  that  goes  on  in 
businesses  on  Internet  and  e-mail  systems 
is  just  phenomenal,”  Burt  says.  By  measur¬ 
ing  the  most-critical  business  tools  employ¬ 
ees  use  —  phone,  e-mail  and  Internet  — 
companies  can  get  a  good  idea  of  what 
they’re  doing  all  day  Burt  says. 

Companies  also  can  cut  costs:  Those  that 
deploy  the  suite  can  expect  to  trim  15%  to 
20%  off  their  telephone  bills  alone,  Burt 
says.  Having  the  software  and  making 
employees  aware  of  its  monitoring  capa¬ 
bilities  will  cause  people  to  become  more 
responsible  when  it  comes  to  phone  use, 
he  says. 

Proteus  Enterprise  is  geared  for  distrib¬ 
uted  work  settings. The  software  aggregates 
data  from  server  log  files,  PBX  and  IP  tele¬ 
phony  systems,  and  cell  phone  accounts.To 
keep  tabs  on  corporate  cell  phone  use,  it 
pulls  electronic  copies  of  employees’ 
mobile  phone  bills  into  its  database.  Some 
employee  cooperation  is  required;  as  new 
numbers  appear,  employees  are  asked  to 
identify  them  as  personal  or  business  relat¬ 
ed,  Burt  says. 

For  real-time  monitoring,  managers  can 
configure  the  software  to  send  e-mail  or 
text  alerts  when  specific  types  of  calls  are 
placed  —  such  as  a  91 1  emergency  call  — 
or  when  certain  Web  sites  are  visited. 

The  data  that  fuels  Proteus  Enterprise 
might  be  familiar,  but  CTI  Group’s  methods 


of  compiling  and  analyzing  it  is  what  mat- 
ters.’A  lot  of  companies  will  have  the  data, 
particularly  from  Internet  and  e-mail  sys¬ 
tems,  but  it’s  not  pulled  together  into  a  con¬ 
sistent,  consolidated  report,  and  it’s  not  pre¬ 
sented  in  a  user-friendly  wajf  Burt  says. 

CTI  Group  sells  licenses  for  on-premises 
deployment  and  offers  a  hosted  version 


of  Proteus  Enterprise.  Companies  with  as 
many  as  500  employees  can  expect  to 
pay  about  $7,000  to  $10,000  for  the 
licensed  software,  while  a  large  organiza¬ 
tion  with  three  or  four  satellite  offices 
might  pay  in  the  $20,000  range,  according 
to  Burt.  Hosting  fees  start  at  about  $500 
per  month.  ■ 


Short  Takes 


■  SAP  last  week  released  a  new  version  of  its 
Business  One  suite  that  features  changes  targeted  at 
small-business  customers.  This  version  of  the  business- 
management  application  allows  for  faster  installation 
and  has  more-intuitive  features,  the  company  says. 
Business  One  now  has  a  customizable  interface  that 
lets  users  filter  information,  and  tool  tips  have  been 
added  for  better  navigation.  Another  new  function,  Copy 
Express,  lets  custom  reports,  queries,  and  user  and  con¬ 
figuration  settings  be  copied.  The  function  is  intended  to 
reduce  set-up  times  and  deployment  errors  at  customer 
sites.  Also  new  in  the  business  suite  is  multilingual  sup¬ 
port  for  invoices,  quotes  and  purchase  orders.  A  diction¬ 
ary  can  translate  remarks  and  documents.  Business 
One  has  37  country-specific  versions  in  20  languages, 
soon  to  be  expanded  to  23  languages.  If  users  have  a 
maintenance  agreement  with  SAP,  there  is  no  charge 


for  an  upgrade.  The  charge  per  user  is  $3,750. 

■  Lenovo  has  unveiled  a  new  series  of  inexpensive 
desktops  designed  to  bring  some  of  itsTninkCentre  PC 
management  technologies  to  low-end  PCs  for  small  busi¬ 
nesses.  The  ThinkCentre  E50  series  desktops  are  Lenovo's 
first  products  for  the  small-business  market  Lenovo,  and 
IBM  before  it,  previously  marketed  these  technologies  to 
larger  businesses  as  part  of  the  ThinkPad  notebook  line¬ 
up,  but  it  is  now  bringing  them  down  to  desktops  that  cost 
as  little  as  $380,  Several  configurations  with  Celeron  and 
Pentium  4  processors  from  Intel  are  available  on  Lenovo’s 
Web  site  and  through  authorized  dealers. 

■  IBM  recently  released  tools  for  its  server-based 
Workplace  platform  designed  to  help  companies  track 
their  performance  by  providing  users  with  analytical 


data  and  collaboration  features  based  on  their  roles 
within  the  company.  IBM  Workplace  for  Business 
Strategy  Execution  can  display  business  data  from  a 
variety  of  sources  as  “dashboards’’  and  “scorecards" 
that  assess  ongoing  performance  and  overall  progress 
toward  specific  business  objectives,  such  as  increasing 
revenue.  For  small  to  midsize  businesses,  WBSE  inte¬ 
grates  with  Workplace  Services  Express,  which  includes 
instant  messaging  and  document  management  The  tools 
also  run  on  WebSphere  portal.  Both  platforms  provide 
access  to  corporate  data  housed  in  back-end  systems 
such  as  financial  applications  and  supply-chain  software. 
IBM  Workplace  for  Business  Strategy  Execution  is  avail¬ 
able  for  small  and  midsize  businesses  and  departmental 
deployments  for  $100  per  user.  It  is  bundled  with 
Workplace  Services  Express  portal  infrastructure  and 
priced  at  $196  per  user. 


A  Division  of  Cisco  Systems,  Inc. 


with  SRX200 


The  affordable  Linksys  SRX200  Wireless-G  Gateway  with  Speed  and 
Range  Expansion  can  double  the  coverage  of  a  typical  Wireless-G 
network  and  reduce  dead  spots,  with  speeds  up  to  6X  faster.  Surf  the 
web,  share  files,  work  and  play  in  places  that  you  never  thought  were 
possible.  Get  a  wireless  network  that  goes  the  distance! 

-  MIMO  technology  works  with  all  standard  802.1 1  b  and  802.1 1  g  products 

-  Improves  range  up  to  2X  and  performance  up  to  6X  over  standard  Wireless-G 

-  Enhanced  security 

LINK5Y5 

Partner 

Connection 


Linksys.  Nobody  makes  networking  easier! 


g 


Visit  www.linksys.com  today  for 
product  details,  or  call  our  Advice  Line  at: 
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Each  week  Network  World  delivers  an 
extensive  line-up  of  product,  service  and 
industry  news,  analysis,  case  studies,  buyers 
guides,  expert  opinion  and  management 
advice  that  Network  IT  Executives  rely  on 
to  get  their  job  done. 

Your  FREE  subscription 
will  include. 


New  product  information  and  reviews  that  break 
through  vendor  hype  and  put  you  in  control  of  your 
technology  purchases 

•  Implementation  strategies  and  security  tips  and  tricks 
that  you  can  use  to  improve  your  infrastructure  and 
boost  your  company's  competitive  standing 

•  Tried-and-true  management  strategies  to  help  you 
boost  your  network  career 

An  insider's  view  on  how  your  competitors  are  using 
new  technology  to  their  business  advantage 


Plus  our  Special  Signature  Series 
Issues — Each  Signature  Series  issue  provides  insights, 
opinions  and  information  on  an  important  aspect  of  the 
industry  to  give  you  the  clearest  picture  of  the  current 
trends  and  trendsetters  in  the  Network  IT  market. 
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apply,  nww.com/free05 
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TICHNOLOfiY  UPDATE 

■  AN  INSIDE  LOOK  AT  TECHNOLOGIES  AND  STANDARDS 


Proposed  standard  eases  WLAN  mgmt. 


HOW  IT  WORKS:  802.11V 

The  proposed  IEEE  standard  802.1 1v  for  wireless  LAN  management  lets 
infrastructure  take  better  control  of  wireless  clients. 


□  Workers  with  wireless  clients  enter  a  conference  room  and  their  devices  connect  to  Access  point  1. 
The  workers  are  then  seated.  Clients  1  and  2  are  closest  to  Access  point  1,  Clients  6  and  7  are  closest 
to  Access  point  2,  and  Clients  3, 4  and  5  are  equidistant  between  the  two. 

B  Clients  6  and  7  see  Access  point  2  has  a  better  signal,  so  they  switch  over  to  it.  But  now  there  are 
a  disproportionate  number  of  clients  on  the  two  access  points.  Access  point  1  has  five  clients  and 
Access  point  2  has  two.  However,  the  wireless  switch  recognizes  the  load  would  be  more  evenly 
balanced  if  Clients  4  and  5  were  moved  to  Access  point  2. 

□  Access  point  1  sends  a  signal  to  Clients  4  and  5  that  it  is  transferring  service  to  Acess  point  2 
because  Access  point  2  is  lightly  loaded. 

□  Clients  4  and  5  transition  to  Access  point  2  quickly  and  seamlessly.  Now  the  network  is  load  balanced. 


BY  SUDHEER  MATTA 

In  enterprise-class  802.11  deployments, 
network  control  is  limited  to  the  infrastruc¬ 
ture,  such  as  wireless  switches  and  access 
points.  Network  administrators  have  little 
control  over  wireless  client  devices  such  as 
laptops,  PDAs  and  voice  over  wireless 
phones.  Uneven  distribution  of  wireless 
clients  on  access  points  typically  results  in 
heavily  unbalanced  networks  that  suffer 
bandwidth  and  access  problems. 

As  a  proposed  standard  for  wireless  net¬ 
work  management,  IEEE  802.1  lv  will  pro¬ 
vide  important  and  efficient  mechanisms 
to  simplify  network  deployment  and  man¬ 
agement.  The  standard  defines  procedures 
by  which  a  wireless  infrastructure  can  con¬ 
trol  key  parameters  on  wireless  client 
adapters,  such  as  identifying  which  net¬ 
work  and/or  access  point  to  connect  to. 

Work  began  on  the  standard  early  this 
year,  and  the  IEEE  expects  to  finalize  it  in 
early  2008.  There  probably  will  be  early 
implementations  of  802. 1  lv  in  2007.  Most 
802.1  lv  support  might  be  implemented  in 
software,  for  new  products  and  to  upgrade 
existing  WLAN  gear.  For  the  standard  to  be 
effective,  clients  (WLAN  cards  and  adap¬ 
ters)  and  infrastructure  (access  points  and 
WLAN  switches)  will  need  to  support  it. 

Wireless  client  control,  network  selection, 
network  optimization,  and  statistics  re¬ 
trieval  and  monitoring  are  among  the  capa¬ 
bilities  proposed  for  802. 1 1 v. 

Wireless  client  control  involves  several 
aspects.  Load  balancing  distributes  wireless 
clients  among  access  points  based  on  their 
loads.  Today  this  is  achieved  by  preventing 
clients  from  connecting  to  overloaded 


access  points  or  terminating  client  sessions 
on  existing  access  points.  But  these  actions 
can  disrupt  client  sessions.  802.1  lv  envi¬ 
sions  making  load  balancing  transparent  to 
users  by  pointing  clients  to  access  points 


with  available  bandwidth  and  resources. 

Time  spent  bringing  up  client  devices 
also  affects  deployments.  With  802.11  a 
client  device  joins  a  network  identified  by 
the  Service  Set  Identifier  (SSID).There  is  no 


mechanism  to  automatically  tell  a  client 
device  what  networks  it  should  connect  to 
without  manually  configuring  the  client 
device  with  the  SS1D  and  security  creden¬ 
tials.  But  with  802. 1  lv  capabilities  are  being 
proposed  to  enable  secure  client  configu¬ 
rations  from  the  infrastructure. This  will  sig¬ 
nificantly  cut  deployment  time  in  large- 
scale  networks. 

Schemes  that  will  save  significant  battery 
life  on  low-power  devices  such  as  voice- 
over-wireless-LAN  phones  also  are  being 
considered  for  802.1  lv.  Any  radio  can  host 
more  than  one  logical  wireless  network. 
And  each  local  network  has  management 
traffic.  There  are  proposals  in  802.1  lv  that 
will  minimize  management  traffic. 

802. 1 1  defines  several  SNMP-type  Manage¬ 
ment  Information  Bases  (MIB)  for  control 
and  provisioning  of  a  variety  of  attributes 
on  the  client  side,  such  as  operational  data 
rates  and  power  management  schemes. 
The  current  802.11  specification  does  not 
provide  functionality  to  control  MIBs  over 
the  air  from  the  network  infrastructure. 
802. 1 1 v  will  provide  mechanisms  to  control 
MIBs  on  the  client  side  and  will  simplify 
client  configurations. 

The  standard  will  be  a  boost  for  enter¬ 
prise  wireless  networks,  because  it  will 
improve  network  control  and  enhance  net¬ 
work  management.  802.  llv  can  consider¬ 
ably  reduce  lead  time  in  bringing  up  net¬ 
works  and  the  cost  of  deployment  and 
overall  network  maintenance.  ■ 

Mattel  is  a  software  engineer  for  Trapeze 
Networks.  He  can  be  reached  at  Matta 
@trapezenetworks.  com. 


Ask  Dn  Internet  By  Steve  Blass 


We  can’t  configure  dial-up  networking  on  a 
laptop  with  Windows  XP  Service  Pack  2  that 
already  has  working  Ethernet  and  wireless 
network  adapters.  Using  dial-up,  the  system 
connects  successfully,  and  we  can  see  pack¬ 
ets  moving  back  and  forth,  but  we  cannot 
connect  to  the  Internet.  All  we  get  are  “Page 
cannot  be  displayed”  errors.  Do  you  have  any 
suggestions? 

Review  the  settings  in  your  dial-up  connection  con¬ 


figuration.  Make  sure  that  hardware  flow-control  set¬ 
tings  match  what  your  service  provider  supports  and 
that  your  compression  and  IP-address  configuration 
settings  are  correct.  You  may  simply  need  to  add 
entries  for  specific  DNS  servers  rather  than  try  to 
pick  them  up  automatically  through  DHCP. 

If  that  fails,  try  the  winsockxpfix  program  (www.net- 
workworld.com,  DocFinder:  9530).  This  utility  repairs  a 
number  of  networking  registry  entries  that  are  often 
scrambled  by  Windows  networking  software. 

If  that  doesn't  work,  carefully  remove  all  your  net¬ 


working  devices  from  the  device  manager  (under 
System  in  the  Control  Panel),  clear  out  the  dial-up 
settings  and  reinstall  the  networking  components.  It’s 
unlikely  you  will  have  to  go  this  far,  because  the 
winsockxpfix  program  usually  can  put  things  back  the 
way  they  should  be  in  order  for  dial-up  networking  to 
work  again. 

Blass,  a  network  architect  at  Change@Work  in 
Houston,  can  be  reached  at  dr.internet@change 
atwork.com. 
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Linksys  VoIP  phone  for  Vonage  a  treat 


Last  week  we  took  a  break  from 
our  VoIP  obsession  but  this  week,  we 
can’t  help  it, VoIP  is  back.  Several  of 
you  have  written  to  back  up  our  sus¬ 
picion:  The  problems  we’ve  been 
having  with  Vonage  lie  in  the  SBC 
network. 

Interestingly  all  of  you  who  have 
cable  broadband  report  nearly  flaw¬ 
less  performance  with  Vonage.  It  may 
be  that  cable’s  generally  higher  data 
rates  make  Vonage’s  VoIP  better  or 
maybe,  as  we  have  mentioned,  the 
rumors  are  true  that  some  telcos  shape  traffic  for  what  they 
say  are  QoS  reasons  that  just  happen  to  degrade  VoIP  ses¬ 
sions  they  aren’t  making  money  on. 

If  there  are  any  SBC  techs  out  there  who  would  be  inter¬ 
ested  in  helping  to  solve  this  problem,  please  get  in  touch. 
We’d  really  like  your  help. 

While  we’ve  been  wrestling  with  our  Vonage  problems  we 
haven’t  been  otherwise  idle  on  the  VoIP  front.  Nope,  over  on 
the  Skype  side  of  the  VoIP  universe  things  are  busy  We  just 
tested  a  new  Skype-related  product  from  Linksys,  the 
Cordless  Internet  Telephony  Kit  (otherwise  known  as  the 
CIT200),and  we’re  very  impressed. 

The  CIT200  works  only  with  Vonage  and  consists  of  a 
wireless  handset  with  a  charger  stand  (which  obviously 
has  a  wall  wart  power  supply)  and  a  separate  box  —  the 
base  station  —  that  connects  to  your  PC  via  USB. 


The  PC  setup  is  simple.  It  installs  the  USB  drivers  and  sets 
up  the  connection  for  your  existing  Skype  installation  or 
installs  a  fresh  copy  of  Skype  if  needed.  That’s  it!  If  your 
Skype  worked  before  you  installed  the  CIT200  it  should 
work  now. 

You  can  program  telephone  numbers  into  the  CIT200  as 
well  as  use  the  numbers  you  have  already  defined  in  Skype 
or  your  existing  Skype  speed-dial  entries. 

Asterisk  . . .  has  the  potential 
to  change  how  companies  think 
of  PBXs. 

The  handset  has  all  sorts  of  setup  options  ranging  from 
basics  such  as  setting  its  internal  clock  to  registering  and 
de-registering  which  base  station  is  paired  with  the  CIT200 
handset. 

The  sound  quality  of  the  CIT200  is  very  good  and  only 
limited  by  VoIP  service  quality  It  also  is  a  speakerphone, 
shows  caller  ID,  has  a  minijack  for  a  headset  and  has  a 
remarkable  unobstructed  range  of  around  300  feet.  Not 
only  that,  the  base  station  can  support  up  to  four  ClT200s 
and  the  handsets  can  be  used  intercom-style. 

To  our  amusement  the  CIT200  produces  a  variety  of  weird 
tunes  and  sounds  for  various  functions  other  than  ringing; 
for  example,  it  sounds  a  peculiar  arpeggio  when  you  put  it 
in  its  charging  stand.  We  haven’t  quite  figured  out  what  all 
the  sounds  mean  but  that  doesn’t  seem  to  matter.  At  around 


$130  the  C1T200  is  rather  pricey  but  it  is  a  terrific  piece  of 
hardware  and  does  the  job  very  well.  Linksys,  please  note: 
We  definitely  need  to  test  this  product  for  an  extended  peri¬ 
od,  say,  the  next  couple  of  years. 

If  you’ve  been  tracking  the  VoIP  universe  you  may  have 
heard  of  a  project  called  Asterisk  (www.asterisk.org).  If  you 
haven’t,  you  really  need  to  keep  your  eye  on  this. 

Asterisk  is  fantastic.  It  is  a  complete,  open  source,  Linux- 
based  multi-protocol, software-only  PBX  that  runs  on  Linux, 
BSD  and  Mac  OS  X.  It  has  all  the  features  you  would  expect 
from  a  serious  business-quality  PBX,  such  as  providing 
voice  mail  services  with  directory  services,  call  conferenc¬ 
ing,  interactive  voice  response  and  call  queuing,  three-way 
calling  and  caller  ID  services.  And  it  can  handle  ADSI, 
Session  Initiation  Protocol  and  H.323  (as  both  client  and 
gateway)  traffic. 

Asterisk  also  provides  open  APIs  and  supports  scripting 
in  a  variety  of  languages.  In  short,  it  is  remarkable  and  in 
many  people’s  eyes  has  the  potential  to  change  how  com¬ 
panies  think  of  PBXs. 

You  can  find  a  lot  of  information  on  Asterisk’s  Web  site 
and  there’s  even  a  book  on  the  system  called  Asterisk:  The 
Future  of  Telephony  by  Jim  Van  Meggelen,  Jared  Smith  and 
Leif  Madsen.This  is  an  excellent  guide  to  the  why  what  and 
how  of  Asterisk.  Highly  recommended. 

Your  recommendations  to  gearhead@gibbs.com.  Oh,  et 
cherchez  le  Gibbsblog  (http://www.networkworld.com/ 
weblogs/ gibbsblog/).  Merci. 


GEARHEAD 
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CoolTools 


Quick  takes  on  high-tech  toys.  Keith  Shaw 

I’m  taking  a  break  from  testing  this  week  to  discuss  the  “slow  PC” 
movement  —  an  idea  that  your  desktop  PC  should  be  elegant,  sim¬ 
ple  to  use  and  refined.  A  lot  of  this  comes  from  the  Slow  Food  move¬ 
ment  (www.slowfood.org),  which  aims  to  get  people  away  from  the  fast-food  men¬ 
tality  and  to  eat  foods  that  are  naturally  or  locally  grown  or  cultivated.  Likewise, slow 
computing  doesn’t  mean  that  it’s  slow  computation  or  slowly  finishing  the  task,  but 
rather  that  the  PC  should  give  users  a  sense  of  belonging  and  peace. 

Leading  the  charge  on  the  idea  is  AOpen,  a  Taiwanese  company  that  this  week 
plans  to  announce  its  AOpen  miniPC,  a  $399  (Linux  Linspire)  and  $499  (Windows 
XP)  computer.The  miniPC  is  a  6.5-inch  square  metallic  computer  with  a  slot-loaded 
CD/DVD  drive  and  power  button  in  the  front.  Imagine  a  small  toaster  placed  on  its 
side  and  you  get  the  sense  of  the  size  of  the  miniPC.  The  back  of  the  machine 
includes  two  USB  ports,  an  IEEE  1394  slot,  digital  video  input  (with  a  VGA  adapter 
for  CRT  or  non-DVl  video),  S-video  slot,  microphone 
and  speaker  ports  and  an  Ethernet  port. 

The  latest  Intel  processors  and 
integrated  802.1  la/b/g  wireless 
components  are  also  included. 

AOPfen  provides  PC  compo¬ 
nents  to  other  companies,  which 
re-brand  them.  For  example, 

VoodooPC  recently  released  its 
IDOL  device,  basically  the  AOpen 
miniPC  with  upgraded  internal 


Simplicity  and  elegance  are  at  the  center 
of  the  slow  PC  movement 


equipment  geared  to  the  PC  gaming 
crowd  (the  IDOL  starts  at  $900). 

Beyond  the  speeds  and  feeds  of  the 
miniPC  is  that  its  design  will  fit  into  the 
slow  computing  idea.  “You  will  love 
your  PC,”  says  A1  Peng,  senior  director  of 
the  Business  Integration  division  at 
AOpen.  Just  as  users  tend  to  “fall  in 
love”  with  other  technology  devices 
such  as  the  iPod,  their  TiVo  and  even 
their  Playstation  Portable,  consumers 

will  begin  to  fall  in  love  with  their  desktop  PCs  if  they  meet  some  of  the  slow  PC 
requirements.  Features  such  as  having  a  refined  small  form  factor,  being  ultra-quiet 
and  being  elegantly  designed  fit  the  bill. 

While  this  may  ring  somewhat  true  for  the  home  environment,  convincing  an  IT 
manager  that  a  miniPC  v/ill  work  for  the  hundreds  (if  not  thousands)  of  end  users 
within  a  corporation  is  a  tougher  sell.  AOPen  says  it  will  likely  modify  the  miniPC  for¬ 
mat  to  include  a  PCI  slot  and  other  features  to  appeal  to  the  IT  manager  who  needs 
to  open  the  box  for  upgrades.  Creating  a  miniPC  format  that 
appeals  to  the  thin-client  market  is  another  possibility  Peng  says. 

The  miniPC  announcement  will  likely  cause  some  people  to 
shout  that  AOpen  is  trying  to  copy  Apple  and  its  Mac  mini  com¬ 
puter,  which  is  similar  in  size  and  shape.  And  if  any  company 
knows  something  about  designing  for  emotion  and  elegance,  it’s 
Apple.  But  AOpen  officials  insist  their  miniPC  fits  more  with  the 
slow  computing  concept  than  just  trying  to  clone  the  Mac  mini. 

I’m  still  skeptical  —  there  is  some  appeal  for  consumers  who  want 
an  elegant,  simple  and  quiet  PC  for  their  living  room  or  kitchen.  But  I 
don’t  think  that  I’ll  be  getting  one  for  the  office.  I’m  working  too  fast. 


I 


The  AOpen  miniPC  is  slightly  wider  than 
a  CD. 


Shaw  can  be  reached  at  kshaw@nww.com. 
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n  Technology 

Adam  Baffin 

Turning  back  the 
clock  10  years 

Set  the  time  machine  to  October  1995  and  jump  in. 
Hardware  vendors  were  pushing  lOOVG-AnyLAN  and 
token  ring.  Nynex,  US  West,  Bell  Atlantic  and  Pacific  Bell 
provided  local  phone  service.  Novell  was  proposing  a 
“SuperNOS”to  unify  NetWare  and  Unix.  Microsoft  had  just 
rolled  out  Windows  95,  which  featured  its  answer  to  Net¬ 
scape,  something  called  Internet  Explorer  l.O.That  new  addi¬ 
tion  to  Windows  would  prove  helpful  to  a  couple  of  start-ups 
called  Amazon.com  and  eBay,  which  were  trying  to  convince 
people  it  was  safe  to  buy  things  online. 

October  1995  also  was  when  we  launched  Network  World 
Fusion  (now  recast  as  NetworkWorld.com)  —  at 
NetWorld+Interop  Atlanta  (where  Bay  Networks  had  a 
booth).  I  used  Windows  (3.1)  Notepad  to  assemble  news  sto¬ 
ries  for  posting  on  the  site  (1  FTP’d  them  by  hand). 

It’s  amazing  how  far  we’ve  come.  Gigabit  Ethernet  to  the 
desktop,  10G  backbones  and  fiber  to  the  home  are  all  reali¬ 
ties  now  (and  today’s  inexpensive  PCs  can  do  a  lot  more  than 
1995’s  expensive  servers).  At  Network  World,  we  now  use  a 
sophisticated  content  management  system  to  serve  up  every¬ 
thing  from  breaking  news  to  RSS  feeds  and  video  Web  casts 
—  from  a  server  farm  running  not  only  proprietary  Oracle 
databases  but  also  a  variety  of  open  source  applications. 

Of  course,  it  hasn’t  been  all  wine  and  roses.  How  much 
money  and  time  do  you  spend  worrying  about  —  and  fight¬ 
ing  off  —  everything  from  spyware  to  denial-of-service 
attacks?  Oh,  for  the  days  when  the  big  worry  was  all  those 
“enormous”  animated-GIF  Christmas  cards  that  clogged  up 
the  e-mail  server. 

But  some  things  never  seem  to  change.  Writing  on  his  IT 
Borderlands  blog  (www.networkworld.com,  DocFinder: 
9531),  Ken  Fasimpaur  recalls  when  he  was  working  for  a 
technology  company  in  1995  that  ultimately  went  belly  up: 

“Simply  put,  none  of  us,  not  the  managers  and  not  the 
developers,  really  knew  what  was  going  on  around  us  tech¬ 
nologically  and  socially  speaking.The  young  developers 
were  too  concentrated  on  just  getting  the  job  done.The 
managers,  of  a  much  more  mature  and  stolid  disposition, 
were  committed  to  sustaining  the  present  scenario  but  not 
to  studying  the  unfolding  future.  One  could  blame  lack  of 
resources  on  both  fronts,  but  in  any  event  there  was  simply 
no  investment  made  to  keep  looking  ahead.  Under  normal 
circumstances  this  might  have  been  survivable,  but  when 
poised  on  the  edge  of  a  radical  shift,  it  was  a  disaster  wait¬ 
ing  to  happen.” 

What  are  your  reminiscences  of  enterprise  networking  in 
1995?  And  how  are  you  preparing  for  the  future?  Come  over 
to  the  NetworkWorld.com  community  where  we  have  a 
forum  going  on  the  topic  (DocFinder:  9532). 

—  Adam  Gaffin 
Executive  editor  of  Network  World.com 
agaffin@nww.com 


Paying  the  tab 

In  Johna  Till  Johnson’s  column  “Somebody’s  got  to 
pick  up  the  ’Net’s  tab”  (www.networkworld.com, 
DocFinder:  9523),  she  writes:  “So  what’s  the  answer: 
Nationalization  or  blanket  reliance  on  the  free  mar¬ 
ket?  My  vote  is  none  of  the  above.”  Actually  it  appears 
she  did  vote  for  blanket  reliance  on  the  free  market. 
Johnson  says  the  Internet  companies  that  stand  to 
lose  the  most  (Yahoo,  eBay  Amazon)  would  be  will¬ 
ing  to  support  a  fair-market  backbone.  This  would 
allow  the  free  market  to  fix  the  problem. 

Thank  God.  Bring  in  the  government  to  nationalize 
the  Internet?  That  scares  the  socks  off  me,  and  not  for 
privacy  concerns  or  government  snooping,  but  just 
for  the  efficiency  Show  me  a  government  agency 
that  is  efficient.  How  about  we  bring  in  the  Federal 
Emergency  Management  Agency  to  run  the  Internet 
—  yeah,  great.  We  could  nationalize  the  Internet 
backbone  and  watch  availability  drop  to  80%.  Free 
markets  fix  problems,  not  government. 

Michael  J.  Morris 
WAN  architect 
Network  Appliance 
Research  Triangle  Park,  N.C. 

The  description  of  peering  in  Johna  Till  Johnson’s 
column  “Somebody’s  got  to  pick  up  the  ’Net’s  tab”  is 
inaccurate. The  column  is  actually  describing  a  tran¬ 
sit  agreement.  Such  agreements  may  be  employed 
for  full  or  partial  Internet  routes  and  are  typically 
billed  on  a  usage  basis.  Peering  is  a  quid  pro  quo 
type  of  agreement  that  doesn’t  involve  an  exchange 
of  currency  Peering  usually  occurs  between  net¬ 
works  sharing  similar  qualities,  such  as  capacity  and 
most  have  increasingly  strict  criteria  for  potential 
peers  to  meet  before  entering  such  an  agreement. 

Scott  Gross 
Washington,  D.C. 


Hybrid  help 

Regarding  your  Management  Strategies  story 
“Hybrid  IT  help”  (DocFinder:  9524):  1  have  been  a 
hybrid  guy  for  years,  but  it  is  not  always  an  easy  sell 
to  be  recognized  for  your  diverse  talents.  I  have 
clicked  with  some  general  manager/CEO  types 
along  the  way  but  I  have  the  toughest  times  with  the 
IT  senior  managers.  Although  my  technical  skills  are 
very  good,  I  could  step  in  the  business  side,  then 
blend  the  two  sides  to  find  a  best-fit  solution  that  was 
sometimes  IT  centric  and  sometimes  not. 

I  lost  my  CIO  job  with  a  small  furniture  manufac¬ 
turer  when  the  company  closed.  I  was  hired  because 
I  was  a  hybrid  to  help  in  a  financial  turnaround 
effort.  It  took  over  six  months  and  lots  of  contacts  to 
make  a  connection  to  a  company  that  needed 
another  hybrid.  I  have  managed  and  worked  inside 
and  outside  IT  in  the  same  organizations  in  manu¬ 
facturing  operations  and  engineering.  I  find  most 
senior  IT  managers  just  don’t  understand  hybrids, 
but  open-minded  senior  business  managers  do. 

In  an  effort  to  diversify  my  talents  I  became  CISSP 
certified,  but  once  again  nobody  wanted  a  hybrid 
security  guy  Everybody  wanted  someone  who  had 
specific  and  verifiable  hands-on  technical  skills.  In 
my  opinion,  many  of  the  security  issues  in  the  IT 
arena  today  are  not  solely  technical  based  but  lead¬ 
ership  based.  Today  you  need  a  holistic  approach. 
Tools  only  make  the  people  better,  not  invincible.You 
need  to  focus  on  people  and  security  education  that 
is  augmented  with  tools,  not  the  other  way  around. 

Mark  Strickland 
Director  of  IT 
Balfour  Beatty  Construction 
Atlanta 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 
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Sourcelire  may  resurrect  Check  Point 


Soon  after  he  helped  found  Sourcefire  in 
2001, 1  met  with  Marty  Roesch,  the  compa¬ 
ny’s  CTO.  Roesch  also  is  the  architect  and 
lead  developer  of  Snort, an  open  source  intrusion- 
detection  sensor.  One  of  the  first  things  he  said 
was, “We  will  not  fork  Snort” —  that  is,  make  two 
versions,  one  open  source  and  the  other  propri¬ 
etary  to  give  Sourcefire  a  competitive  edge.  In¬ 
stead,  the  company  would  go  with  the  same  open 
source  sensor  available  to  everyone  and  build  on 
top  of  Snort  to  make  an  enterprise-ready  intru¬ 
sion-detection  system. 

Thus,  Sourcefire’s  mandate:  Build  the  infrastruc¬ 
ture  needed  to  wrap  around  a  detection  engine 
like  Snort  and  put  together  an  IDS,  with  emphasis 
on  the  “system”  part. 

I’ve  been  watching  Sourcefire  carefully  since 
2002,  and  what  impresses  me  most  about  the 
company  is  the  astonishing  creativity  and  sharp 
focus  of  the  entire  team.  Starting  nearly  from 
scratch,  Sourcefire  has  aimed  to  compete  with 
huge,  established  players  in  the  network  security 
business,  such  as  Internet  Security  Systems.  And 
while  most  of  the  other  players  have  fallen  by  the 
wayside  or  been  sucked  into  product-destroying 


mergers  with  big  vendors, Sourcefire  keeps  churn¬ 
ing  out  new  products  and  ideas. 

Which  brings  me  to  Check  Point.  When  I  first 
saw  Check  Point's  firewall  in  1995,  it  was  an  instant 
winner  in  my  Network  World  competitive  firewall 
test  —  and  continued  to  win  for  years.  Check 
Point  understood  firewall  management  and  de¬ 
ployment  in  a  way  that  no  other  company  did. 
Firewall-1  had  a  “wow”  factor  that  told  me  Check 

Check  Point  needs  to 
regain  creativity  . . .  and 
Sourcefire  has  that  by  the 
bushel. 

Point  was  serious  about  understanding  and  solv¬ 
ing  the  problems  of  firewalls.  Fast-forward  to  2003, 
and  the  story  is  not  so  sweet.  Check  Point  had  con¬ 
tinued  to  extend  Firewall-1 ,  but  this  was  not  the 
exciting  and  innovative  company  of  1995.  It  was 
competent  and  had  a  good  product,  but  creative 
and  innovative?  Not  from  my  point  of  view. 

Check  Point  has  since  come  out  with  three  new 
products:  an  intrusion-prevention  system,  an  SSL 


VPN  and  a  security  event  management  tool.  It 
bought  Zone  Labs.  So  there’s  been  action.  But 
none  of  the  new  products  has  inspired  the  wow 
factor  that  I  saw  in  1995. 

This  is  why  Check  Fbint  and  Sourcefire  are  such 
an  exciting  marriage.  Check  Fbint  needs  to  regain 
creativity  and  refocus  on  doing  interesting  things 
to  solve  its  customers’  problems,  and  Sourcefire 
has  that  by  the  bushel.  The  Sourcefire  team  has 
taken  great  ideas  and  turned  them  into  products 
in  record  time  with  very  limited  resources.  If 
Sourcefire’s  energies  can  be  integrated  into 
Check  Fbint,  the  potential  is  incredible. 

Meanwhile,  Sourcefire  has  its  own  lacunae.  The 
company  has  products,  but  they’re  missing  pieces 
—  things  that  Check  Fbint  does  very  well.  And 
Sourcefire  can  certainly  benefit  from  the  mature 
marketing,  distribution,  quality  assurance  and 
support  infrastructure  of  an  established  company 
such  as  Check  Fbint.  If  this  marriage  works,  expect 
great  things  from  Check  Fbint  —  again. 

Snyder,  a  Network  World  Test  Alliance  partner, 
is  a  senior  partner  at  Opus  One  in  Tucson,  Ariz. 
He  can  be  reached  at  Joel. Snyder@opusl .com. 


Don't  politicize  the  internet 


By  design,  the  Internet  is  a  highly  decen¬ 
tralized  global  network  of  networks,  bound 
together  by  simple  protocols, ultimately  con¬ 
trolled  by  no  one.This  has  been  an  important  fac¬ 
tor  in  the  Internet’s  remarkable  growth  and 
adaptability  Yet  developments  in  the  next  few 
weeks  could  upend  this  arrangement  and  lead  to 
politicization  and  barriers  in  the  way  the  Internet 
provides  access  to  information  worldwide. 

Next  month  in  Tunisia,  a  U.N.  conference  known 
as  the  World  Summit  on  the  Information  Society 
(WSIS)  will  consider  options  that  would  fatally 
undermine  the  Internet  Corporation  for  Assigned 
Names  and  Numbers  (ICANN),  the  private-sector- 
led  body  that  oversees  the  Internet’s  DNS.  The 
DNS  is  a  system  of  computer  files  with  pointers 
that  ultimately  link  to  the  top-level  domains. At  the 
top  of  the  chain  is  the  authoritative  root  system, 
the  main  part  of  which  is  a  file  with  about  200 
entries  that  correspond  to  the  generic  top-level 
domains  (.com,  .net,  .org)  and  a  country-code 
top-level  domain  (.us,  .uk,  ,jp)  for  nearly  every 
country  in  the  world,  along  with  their  unique  IP 
addresses.The  root  system  is  key  to  the  Internet  as 
a  unitary  global  network.  If  there  were  multiple  or 
non-interoperable  roots,  the  Internet  could  balka- 
nize  into  non-interacting  parts. 

The  WSIS  will  consider  several  options,  some  of 
which  have  ICANN  reporting  to  the  United 
Nations  or  have  U.N.  bodies  replacing  ICANN  sub¬ 
groups.  As  justification  for  this,  the  U.N.  cites  “uni¬ 
lateral  control  by  the  United  States  government” 
over  the  root,  and  the  secondary  role  for  govern¬ 
ments  at  ICANN.  In  addition,  earlier  this  month  in 
Geneva,  European  Union  states  joined  many 
other  governments  of  developing  countries  in 


calling  for  a  new,  intergovernmental  body  to  over¬ 
see  the  Internet. 

The  U.S.  government’s  role  has  been  misunder¬ 
stood  and  misrepresented.  For  historical  reasons, 
the  Commerce  Department  reviews  the  process 
by  which  ICANN  makes  root  changes  and  gives 
final  approval  for  any  such  modifications. 
Typically  these  are  routine  changes  in  the  IP 
address  of  a  top-level  domain  —  invisible  to 
Internet  users,  and  with  no  effect  on  content,  but 
which  could  impact  the  stability  and  security  of 
the  Internet  if  handled  improperly 

The  Commerce  Department  has  never  over¬ 
turned  an  ICANN  decision,  and  with  ICANN’s 
growing  capacity  and  legitimacy  there  is  no  rea- 

The  U.S.  government’s  role 
[in  overseeing  the  Internet] 
has  been  misunderstood 
and  misrepresented. 

son  to  suspect  that  it  ever  will.  ICANN,  with  its 
multistakeholder  model,  really  makes  the  deci¬ 
sions  —  not  the  U.S.  government. 

Frankly  the  U.S.  government,  by  creating  ICANN 
in  the  first  place,  voluntarily  relinquished  this 
power  to  the  international  Internet  community  — 
something  that  the  U.N.  group  does  not  adequate¬ 
ly  recognize. 

That  said.it  is  clear  that  governments  around  the 
world  do  have  a  legitimate  interest  in  Internet  gov¬ 
ernance  and  an  important  role  to  play  in  ICANN’s 
management  of  the  DNS.  To  its  credit,  the  U.N. 
report  recognizes  that  Internet  governance  is 


broader  than  the  DNS,  and  that  national  authori¬ 
ties  have  an  important  role  to  play  in  areas  such 
as  spam,  cybercrime  and  access.  As  a  U.S.senator, 
I  would  not  want  ICANN  or  the  U.N.  to  tell  me  I 
could  not  look  at  these  issues, and  I  am  sure  other 
legislators  and  policymakers  around  the  world 
feel  the  same  way 

But  it  is  very  important  not  to  break  something, 
especially  for  spurious  political  reasons,  that  is 
starting  to  work  well.  ICANN  manages  only  the 
“plumbing”  of  the  Internet.  It  is  run  by  private-sec- 
tor  experts  and  is  accountable  to  the  global 
Internet  community  including  all  U.N.  member 
governments.  I  hope  the  final  WSIS  meeting  next 
month  will  adequately  recognize  this.  I  suspect 
that  many  Internet  stakeholders  around  the  world 
have  the  same  uneasy  feeling  that  I  do  about  the 
possibility  of  a  politically  driven  U.N.  takeover  of 
ICANN’s  functions.  I  hope  to  hold  a  Senate  hear¬ 
ing  on  this  issue  later  in  the  year,  to  make  sure  that 
Congress  understands  what  is  at  stake. 

It  is  very  important  that  the  set  of  values  imbed¬ 
ded  in  the  Internet’s  current  open  structure  and 
governance  not  be  substantially  changed.  People 
everywhere  would  be  badly  served  if  we  allowed 
control  of  the  Internet  to  be  transferred  from  com¬ 
petent  experts  to  a  political  body  without  relevant 
experience. 

That  decision  will  be  taken  later  this  year.  1  will 
follow  these  developments  closely  and  I  will  con¬ 
tinue  to  work  to  ensure  that  the  Internet  remains 
the  remarkable  global  resource  that  it  is  today 

Burns  is  a  Republican  U.S.  senator  from 
Montana.  He  can  be  reached  at  ConradJBurns 
@burns.senate.gov. 
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Political  standoff  in  IEEE  slows  progress  of  much- 
anticipated  100M  bit/sec  WLAN  standard. 


BY  CRAIG  MATHIAS 


THERE  IS  ONE  GREAT  TRUTH  IN  ANYTHING  HIGH  TECH  — 
faster  is  always  better.  Which  is  why  customers  are  eagerly 
anticipating  802.1  In  wireless  LAN  products  that  promise 
greater  throughput,  not  to  mention  greater  range  and  reliabili¬ 
ty,  than  todays  801.1  la/b/g/  products. 


But  if  you're  looking  to  buy  standards- 
based,  Wi-Fi  Alliance  approved,  enterprise- 
ready  802.1  In  Multiple-Input.  Multiple-Output 
(MIMO)  gear,  you’ll  will  have  to  wait  wrhile 
competing  vendor  groups  hash  out  their  dif¬ 
ferences. 

Even  though  the  802.1  In  effort  has  been  ongo¬ 
ing  within  the  IEEE  since  2002,  don't  expect  to 
see  a  final  standard  nailed  down  until  the  end  of 
2006  and  don’t  expect  to  see  products  until 
2007.  For  example.  802.1  In  handsets  for  voice 
over  Wi-Fi  won’t  be  available  for  at  least  a  year 
after  the  standard  is  finished,  because  of  the 
complexity  of  engineering  such  a  device. 

Standards  operating  procedure 

The  IEEE  standards  development  process  is 
designed  to  assure  that  standards  are  broad¬ 
ly  acceptable  and  have  sufficient  validity  to 
serve  even  in  legal  proceedings. 

The  process  is  rigorous  from  the  start. 
Before  the  IEEE  approves  a  standards  effort, 
a  proposal  must  meet  several  criteria:  broad 
market  potential,  inter-layer  compatibility,  an 
identity  distinct  from  other  802  standards, 
technical  feasibility  and  economic  feasibility. 

Once  a  Program  Authorization  Request 
(PAR)  is  approved,  subsequent  work  is  sub¬ 
ject  to  five  principles:  due  process,  consen¬ 
sus  (it  takes  a  75%  vote  to  pass  a  standard), 


openness,  balance  (broad  representation  of 
interests)  and  the  right  of  appeal. 

The  PAR  for  MIMO  was  approved  in 
September  2003.  The  group  initially  received 
36  proposals,  which  were  reduced  to  four  in 
January  2005,  then  to  two. 

TGnSync  vs.  WWiSE  (vs.  EWCP) 

One  proposal  called  TGnSync  includes 
Agere.  Atheros,  Cisco,  Intel,  Qualcomm  and 
Symbol  Technologies.  The  key  TGnSync  posi¬ 
tion  is  the  support  of  wider  bandwidth  chan¬ 
nels  (40  MHz  vs.  20  MHz  used  in  802.11), 
potentially  simplifying  the  design  of  stan- 
dards-based  products. 

The  other  proposal  is  called  WWiSE  and 
includes  Airgo  Networks  (the  first  company 
to  build  a  pre-802.11n  or  MIMO  Enhanced 
WLAN  [MEW]  chipset),  Broadcom,  Conexant. 
HP,  Motorola.  Siemens  and  Texas 
Instruments.  An  interesting  element  of 
WWiSE  is  a  royalty-free  contribution  of  intel¬ 
lectual  property,  potentially  lowering  costs 
for  products  based  on  the  standard.  Both 
groups  were  asked  to  meet  offline  and  work 
out  their  differences,  with  a  final  agreement 
expected  by  next  month,  because  neither 
group  had  been  able  to  get  75%  approval,  . 

However,  a  new  vendor  group,  called  the 

See  MIMO,  page  52 
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□  CAN  WE  BUILD  ON  IT  FOR 

□  CAN  OUR  PEOPLE  MANAGE  IT 

□  WILL  IT  LOWER  TCO 


THE  FUTURE 


sTget  the  facts. 

RADIOSHACK  COMPARED  TCO  AND  FOUND 
WINDOWS  SERVER  SYSTEM  WILL  SAVE 
THEM  MILLIONS. 

"In  upgrading  our  aging  UNIX-based  servers,  we 
considered  both  Windows  Server™  and  Linux. 
Windows  Server  System™  offered  several  advantages, 
including  the  ability  to  consolidate  our  in-store  servers 
by  50%  from  10,200  to  5,100 — and  a  savings  of 
several  million  dollars  in  hardware,  software,  systems 
management,  and  support  costs."  -Ron  Cook,  Vice 
President  and  CTO,  RadioShack  0  RadioShack. 

For  these  and  other  third-party  findings,  go  to 
microsoft.com/getthefacts 


/ 
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Bountiful  Router  offers 
plentiful  wireless  range 


Results  3.58 


$675  _ 

Pros:  Incomparably  strong  signal/reception; 
good  for  many  installations. 

Cons:  Lacks  key  business  access  point  features; 
nearly  absent  of  documentation  and  help. 


BY  TOM  HENDERSON,  NETWORK  WORLD  LAB  ALLIANCE 

The  Bountiful  WiFi  Router’s  claim  to  fame  is  its  signal  strength.  The  compa¬ 
ny’s  founder,  David  Egbert,  started  a  company  that  developed  Linksys’ 
Wireless  Signal  Booster,  an  item  that  is  very  popular  (we  often  use  one  in  our 
labs).  In  testing  the  Bountiful  Router,  we  found  a  feature  set  similar  to  many 


The  Breakdown 

Management  38% 

3 

Security  30% 

4 

Performance  25% 

5 

Installation/Documentation  15% 

1.5 

Tetal  score 

3.58 

Scaring  Key: 

5:  Exceptional. 

4:  Very  good. 

3:  Average. 

2:  Below  average. 

1:  Subpar  or  not  available. 


other  business-class  Wi-Fi  routers. 

But  unlike  other  routers  we’ve  tested,  the  Bountiful 
Router’s  signal  strength  (and  receiver  sensitivity)  expand 
the  radius  normally  thought  of  for  802.1  lb/g  service. 
However,  the  lack  of  useful  documentation,  configuration 
options  and  potential  security  issues  marred  our  overall 
impression  of  the  device. 

Bountiful  signal 

We  received  two  units  that  look  very  much  like  every 
other  Wi-Fi  access  point/router  we’ve  seen  —  a  box  with 
two  antennas  and  ports  on  the  back  for  additional 
switched  connections.  We  connected  the  routers  to  our 
Gigabit  Ethernet  network  (see  How  we  did  it,  page  52). 

Once  installed,  a  very  sensitive  radio  receiver  matched 
the  1-watt  output  of  the  Bountiful  Router  (through  its  twin 
antennas). This  means  that  the  strong  Wi-Fi  signal  that  the 
unit  generates  can  be  “heard”  for  a  long  distance,  and  the 
Bountiful  Router  is  still  able  to  hear  client  signals  from 
comparatively  far  distances.The  added  power  of  the  router 
became  very  appealing  before  our  radiological  testing,  and 


Going  the  distance 

Compared  with  a  standard  802.1 1g  wireless  access 
point/router,  the  Bountiful  Router  off ered 
considerably  higher  range  and  energy  output. 

Walkabout  range* 


Card/client 

Linksys  WRT54g 

Bountiful  Router 

Airport  Extreme  (G) 
MacOS  10.3.9 

538  feet 

1,122  feet 

Linksys  WG201 

Windows  XP  SP2 

561  feet 

1,204  feet 

Spectrum  Analyzer  Energy  (in  DBm) 


Router 

16  feet  away 

82  feet  away 

164  feet  away 

Linksys  WRT54g 

4dbm 

-38dbm 

-62dbm 

Bountiful  Router 

12dbm 

-22dbm 

-41dbm 

’Distance-  between  access  point  and  client  until  connection  broke. 


the  sensitivity  of  the  receiver  means  that  our  axial  Wi-Fi 
range  was  mightily  extended.The  router  started  to  interfere 
with  neighborhood  access  points  frequently  and  demon¬ 
strably  —  we  received  supplicant  association  attempts 
from  Wi-Fi  clients  more  than  600  feet  away 

We  conducted  two  range  tests  —  a  radius  comparison 
with  a  common  access  point  (the  Linksys  WRT54g)  to 
judge  unobstructed  free-air  optimized  range,  and  tests 
using  an  AirMagnet  Wi-Fi  Spectrum  Analyzer.  In  the  walk¬ 
about  test,  we  positioned  each  access  point  outdoors  at 
almost  10  feet  high.  We  continued  to  run  a  looped  FTP 
script  until  the  operating  system  reported  a  disconnection 
and  measured  the  radius. 

The  test  results  indicated  that  the  Bountiful  Router 
exceeded  the  operational  radius  of  the  Linksys  router  by  a 
considerable  and  desirable  dis¬ 
tance.  Anecdotally  we  found  the 
router  to  be  stronger  overall  in  our 
multistory  facility  Because  there’s  a 
larger  overall  operational  radius, 
some  of  the  formulas  used  to  design 
Wi-Fi  router  placement  will  need  to 
be  shifted  to  accommodate  the  pos¬ 
sible  problems  with  the  “loud  voice” 
of  the  Bountiful  Router,  as  co-chan¬ 
nel  interference  in  tight  quarters 
with  nearby  Wi-Fi  access  points  will 
be  higher.  We  experienced  this  first¬ 
hand,  after  neighbors  complained 
that  their  Wi-Fi  setup  had  slowed  to  a 
crawl.We  discovered  their  PCs  trying 
to  associate  with  the  Bountiful  setup 
we  had  made. 

Not-as-bountiful  features 

All  functions  can  be  controlled  through  a  Web  browser 
to  the  units,  which  have  very  common  (and  therefore  pos¬ 
sibly  problematic  with  other  units)  identical  non-routable 
IP  addresses.The  units  shipped  with  no  user  name  and  rea¬ 
sonably  obtuse  passwords.  Oddly  we  couldn’t  set  new  user 
names;  we  could  only  change  the  password,  and  the  system 
doesn’t  check  to  see  whether  it’s  a  strong  password.  Only 
the  password-failure  timeout  feature  prevents  a  dictionary 


attack  on  the  router. 

Although  telnet  and  Web  interfaces  are  turned  off  by 
default,  they  can  be  turned  on  and  accessed  on  the  out¬ 
bound  side  of  the  router  connection.  We  found  the  inclu¬ 
sion  of  telnet  to  be  dangerous,  but  at  least  it’s  normally 
turned  off.No  listing  of  command-line  interface  use  was 
offered,  and  we  found  it  necessary  to  use  the  bare  CL1- 
help  commands  to  figure  out  the  CLl-setups  for  the  com¬ 
mands.  There  is  no  trivial  FTP  or  other  protocol  method 
that  can  be  used  to  send  standard  template  files  of  infor¬ 
mation  (for  example,  a  list  of  permitted  or  denied 
Ethernet  media  access  control  addresses),  although  the 
unit’s  firmware  can  be  updated.The  unit  also  doesn’t  sup¬ 
port  SNMP  of  any  flavor. 

A  simple  and  effective  wizard  is  available  upon  initial 
logon  to  the  unit.  The  wizard  took  our  desired  settings  (or 
subsequent  changes)  and  correctly  implemented  them. 

For  the  majority  of  branch  office  and 
single  access-point  deployments,  the 
wizard’s  settings  will  likely  apply  but 
larger  organizations  will  have  prob¬ 
lems  with  the  limited  configuration 
options. 

A  DHCP  server  is  available,  but  no 
forward-server  referencing  is  avail¬ 
able.  For  larger  organizations,  this 
means  that  pools  of  DHCP  addresses 
need  to  be  carefully  allocated.  If 
ports  need  to  be  proxied  for  specific 
purposes,  we  were  limited  to  15  port 
selections,  User  Datagram  Protocol 
(UDP)  or  TCP  (and  not  both)  per 
port  desired.Those  attempting  to  use 
the  router  for  VoWi-Fi  will  be  disap¬ 
pointed,  as  ad  hoc  setups  used  by 
various  VoIP  protocols  aren’t  feasible 

this  way 

The  router  includes  a  firewall  (stateful  packet  inspec¬ 
tion);  in  our  testing  only  traffic  initiated  through  the  rout¬ 
ed  side  of  the  Router  could  pass  through.  However,  no 
documentation  is  available  about  the  firewall  or  its  func¬ 
tionality.  In  addition,  there’s  no  toggle  that  let  us  turn  the 
firewall  on  or  off. 

There  are  no  help  screens  on  the  setup  or  other  Web 

See  Bountiful,  page  52 


It  may  look  like  a  regular  Wi-Fi  router,  but 
the  Bountiful  Router  offers  a  considerably 
higher  range. 


SDLT  600  TASTE  TEST 


TK8T  #1 


SDLT  600  Results 


Manageability 

Compatibility 


WORM 


High  Capacity 


>  iTlfcWorld 


In  a  blind  taste  test,  the  SDLT  6 
comments  included,  “if  there  is  a 
the  next  round  with  condiments 
SDLT  600  has  more  capacity  ar 
DLTSage™  diagnostic  managem 
How  do  we  know?  It's  been  tested 
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MIMO, 

continued  from  page  48 

Enhanced  Wireless  Consortium, 
unexpectedly  emerged  within 
the  past  couple  of  weeks. 
Depending  how  it’s  viewed,  this 
new  group  could  throw  a 
major  monkey  wrench  into  the 
process,  or  it  could  break  the 
deadlock. 

It  appears  that  EWC,  which 
plans  to  put  its  proposal 
before  the  IEEE  in  hopes  of 
reaching  the  75%  threshold, 
includes  companies  from  both 
the  WWiSE  and  TGnSync 
camps.  At  the  chip  level,  the 
new  group  includes  Intel, 
Atheros,  Broadcom  and 
Marvell  but  not  Airgo. 

In  the  best-case  scenario,  a  sin¬ 
gle  proposal  could  be  ready  by 
next  month  and  approved  as  a 
draft  standard  in  January.  That 
would  mean  three  years 
between  PAR  approval  and  a 
draft  standard.  By  contrast, 

802.1  lb  took  only  two  years. 

But  the  availability  of  a  draft 
standard  is  not  the  same  as 
completion  of  a  standard.  Much 
additional  work  is  needed, 
including  ferreting  out  errors 
and  inconsistencies. 

There  also  are  letter  ballots 
(within  the  .1  In  Task  Group), 
Sponsor  Ballots  (think  of  this  as 
external  peer  review),  a  vote  by 
the  802  Executive  Board  and  a 
final  vote  by  the  IEEE  Standards 
Board.  Once  all  that  is  done,  it 
takes  a  few  weeks  for  the  final 
standard  to  be  published. 

If  all  goes  well, we ’re  talking 
the  end  of  2006. 

Spec  approval  doesn’t  mean 
that  approved  products  are 
available. The  Wi-Fi  Alliance 
plays  a  role  almost  as  important 
as  that  of  the  IEEE.  Because  the 
standards  do  not  include  speci¬ 
fications  for  test  procedures  (or 
the  tests  themselves)  to  verify 
compliance,  compatibility  or 
interoperability,  the  Wi-Fi 
Alliance  conducts  interoperabil¬ 
ity  testing  and  certifies  prod¬ 
ucts.  While  its  work  can  pro¬ 
ceed  in  parallel  with  overall 
standards  development,  this 
effort  is  separate  from  802.1 1. 

The  MIM0  game  plan 

With  standards-based  MIMO  on 
the  horizon  and  with  non-stan¬ 
dard  products  out  now,  what 
should  enterprise  executives  do? 

first  of  all, standards-based 
802. 1 1  n  products  will  be  back¬ 


MIMO  timeline: 

If  all  goes  according  to  plan,  the  IEEE  will  approve  a  final  MIMO 
standard  late  in  2006,  with  the  first  standards-based  MIMO 
products  appearing  in  2007. 

Initial  discussions:  2001 

First  MlMO-enhanccd  WLAN  (MEW)  chipsets:  August  2003  (Airgo  Networks) 

First  IEEE  working  group  meeting:  September  2003 
Thirty-six  proposals  submitted:  December  2004 
Field  weeded  down  to  four  proposals:  January  2005 


Standards-based  802.11n  products:  2007 


ward  compatible  with  existing 
802.1 1 /Wi-fi  products,  so  we  rec¬ 
ommend  continuing  to  purchase 
traditional  products  in  advance 
of  the  availability  of  Wi-Fi 
approved  802.1  In  products.That’s 
if  you  can  wait  for  100M  bit/sec 
performance. 

When  it  comes  to  the  products 
on  the  market  today  based  on 
MEW  (formerly  “pre-n”)  technolo¬ 
gies,  the  issue  is  a  bit  trickier. 

We  recommend  enterprise  use 
of  MEW  clients  today,  but  the 
lack  of  any  enterprise-specific 
MEW-based  infrastructure  com¬ 
ponents  gives  us  pause.  At  a 
minimum,  enterprise-class 
access  points  must  support 
power  over  Ethernet  and  man¬ 
agement  capabilities,  and  ideal¬ 
ly  be  part  of  a  switched  or  cen¬ 
tralized  WLAN  architecture.  We 
don’t  expect  to  see  many  of 
these  in  advance  of  the  stan¬ 
dard,  but  availability  of  the  draft 
standard  will  spur  the  produc¬ 
tion  of  prestandard  products. 

This  being  the  case,  we  don’t 
put  too  much  stock  in  claims  of 
upgradeability  to  the  standard  for 
MEW  products. While  firmware 
upgrades  are  likely  full  compli¬ 
ance  with  the  final, Wi-fi-certified 


standard  cannot  be  guaranteed. 

While  MEW  products  should 
have  a  happy  life  ahead  of  them 
for  the  next  18  months  or  so,  even 
in  some  enterprise  client  applica¬ 
tions,  it’s  very  likely  that  the  enter¬ 
prise  will  need  to  plan  a  phased 
transition  to  fully  compliant 

802.1  In  products  that  could  take 
several  years. 

One  other  important  point  — 
standards  are  specifications  for 


interfaces,  but  not  recipes  for 
how  to  design  and  build  success¬ 
ful  products.  We  expect  to  see  a 
broad  range  of  products,  some 
clearly  better  than  others,  and 
some  designed  for  specific  appli¬ 
cations.  We  expect  a  high  degree 
of  variability  in  802.1  In  products, 
including  some  offering  well  in 
excess  of  300M  bit/sec,  and  per¬ 
haps  as  much  as  600M  bit/sec. 

And  this  begs  the  question:  Is 


802.1  In  the  end  of  the  road  for 
WLANs?  After  all,  600M  bit/sec 
should  be  plenty  for  a  huge 
number  of  applications.  Still, 
innovation  continues  to  define 
wireless  as  a  whole.  Ultra- 
wideband  technologies  promise 
multiple-gigabit  throughput,  and 
60  GHz  radios  could  offer  more 
than  that. 

The  core  justification  for  the 
adoption  of  wireless  has  always 
been  convenience. The  any¬ 
time/anywhere  nature  of  wire¬ 
less,  and  the  lack  of  any  substi¬ 
tute  technology  will  continue  to 
guarantee  its  success  in  the 
future.  WLANs,  largely  because  of 
802. 1 1  and  the  work  of  the  Wi-fi 
Alliance,  have  continued  their 
rapid  advance  in  pursuit  of  the 
goal  of  parity  —  both  in  through¬ 
put  and  overall  functionality  — 
with  wire. 

With  802.1  In  on  the  horizon, it’s 
hard  to  imagine  that  WLANs  will 
not  become  the  default  connec¬ 
tivity  for  the  vast  majority  of 
enterprise  users  over  the  next 
few  years. 

Mathias  is  a  principal  at  the 
Farpoint  Group.  He  can  be  reached 
at  craig@farpointgroup.com. 


Bountiful, 

continued  from  page  50 

pages  to  which  the  router  has  access.  Only  a 
single  sentence  admitting  that  the  firewall 
exists  can  be  found  on  the  10-page  docu¬ 
ment  sent  separately  from  the  routers. 
Wireless  VoIP  and  wired  VoIP  using  port 
setup  protocols,  failed  as  the  call  setups 
need  dynamic  inbound  port  setups  over  a 
wide  range. 

We  successfully  used  VPNs,  both  Foint-to- 


How  we  did  it 


We  tested  the  Bountiful  Router  in  two 
scenarios,  inside  our  lab,  and  an 
outside,  free-air  test  of  the  unit.  The 
outside  test  was  used  line-of-sight,  an 
almost  10  foot  elevation,  in  graduated 
measurements  until  the  unit  dropped  to 
1M  bit/sec  for  each  access  point.  We 
encountered  numerous  signal  problems, 
which  we  eventually  tracked  down  and 
shut  off,  as  this  is  a  sensitive  access  point. 
Measurement  tests  were  performed  using 
a  closed  network  FTP  script  transfer  that 
measured  the  speed  at  graduated  steps 
(see  graphic). We  also  used  the  AirMagnet 
spectrum  analyzer  (HP  ZV5000  notebook 
with  external  AirMagnet  antenna)  to  mea- 


Pbint  Tunneling  Protocol  (through  direct  port 
proxy)  and  IPSec  (as  the  router’s  firewall  can 
be  configured  for  “Windows  MultiMedia” 
pass-through,  which  did  the  job). 

The  router  can  be  configured  with  Wi-fi 
Protected  Access,  WPA-PSK  and  WPA2  security 
as  well  as  802.1X-based  certificates  that  allow 
the  RADIUS  protocols.  Both  versions  of  WPA 
worked  correctly  and  our  proxy  authentica¬ 
tion  (OpenRADIUS)  server  worked  correctly. 
There  were  no  traffic  slowdowns  through  the 
use  of  any  of  these  protocols  in  our  tests. 


sure  signal  strength  during  the  tests.  We 
used  a  Toshiba  Satellite  notebook  with  an 
Orinoco/Prism  802.1  lg  card  as  the  dis¬ 
tance-measuring  device. 

We  also  tested  each  security  option  and 
verified  that  all  worked  with  our  internal 
RADIUS  servers.  Our  observations  were 
that  the  signal  strength  was  “five  bars” 
throughout  our  facility,  an  improvement 
on  our  other  802. 1 1  g  access  points,  which 
reach  as  few  as  one  bar  in  some  loca¬ 
tions.  Although  the  vendor  claims  1,200 
feet  of  radial  usable  distance,  we  believe 
that  it’s  perhaps  half  that  distance, 
although  considerably  wider  than  any 
we’ve  seen  so  far. 


Summary 

The  Bountiful  Router  has  conflicting  quali¬ 
ties  —  unparalleled  useful  operational  radius 
coupled  with  frustratingly  immature  charac¬ 
teristics  (limited  business  features,  lack  of  even 
minimal  documentation  and  online  help,  and 
potentially  scary  security). 

In  some  environments,  despite  its  short¬ 
comings,  the  Bountiful  Router  will  perform 
better  than  most  (if  not  all)  of  its  rivals  when 
the  main  concern  is  wireless  coverage.  With 
some  effort,  Bountiful  will  overcome  some 
shortcomings  through  firmware  updates  —  if 
you  are  willing  to  live  with  these  shortcom¬ 
ings.  We  recommend  the  Bountiful  Router  for 
its  principle  strength  —  outstanding  raw 
operational  radius. 

Henderson  is  principal  researcher  for  Ex- 
tremeLabs  in  Indianapolis.  He  can  be  reached 
at  thenderson@extremelabs.com. 


Lab  Alliance 


■  Henderson  is  also  a  member  of  the  Network 
World  Lab  Alliance,  a  cooperative  of  the  premier 
testers  in  the  network  industry,  each  bringing  to 
bear  years  of  practical  experience  on  every  test. 
For  more  Lab  Alliance  information,  including  what 
it  takes  to  become  a  partner,  go  to  www.net 
workworld.com/alliance. 


YOUR  JOB  IS  TO  KEEP  SYSTEMS 
OUR  MISSION  IS  TO  KEEP  PEOPLOH^V 

LET’S  WORK  TOGETHER. 


AND  APPLICATIONS  RUNNING. 
AND  INFORMATION  CONNECTED. 


mmm&i 


Continuous  access  to  information  no  matter  what.  That’s  Information 
Availability.  It’s  what  your  employees,  suppliers  and  customers  demand  every 
minute  of  every  day.  But  to  deliver  it  flawlessly,  you  need  a  massive  global 
infrastructure,  redundant  systems  and  diverse  networks  being  monitored  and 
supported  by  skilled  technical  experts  at  secure  facilities.  That’s  exactly  what 


For  years,  companies  around  the  world  have  turned  to  SunGard  to  restore  their 
systems  when  something  went  wrong.  So,  it’s  not  surprising  that  they’re  now 
turning  to  us  to  mitigate  risk  and  make  sure  they  never  go  down  in  the  first  place. 


SunGard  provides. 


You  want  your  network  and  systems  to  always  be  up  and  running.  We  want  the 
same  thing.  Let’s  get  together.  To  learn  more,  visit  www.availability.sungard.com  or 
call  1-800-468-7483. 


As  a  result,  we  can  offer  you  a  higher  level  of  availability  and  save  your 
company,  on  average,  25%*  versus  building  the  infrastructure  yourself.  Plus, 
it’s  a  vendor  neutral  solution  that  lets  you  control  your  data,  applications  and 
network  while  giving  you  the  flexibility  to  adjust  to  the  changing  needs  of  your 
business.  But  best  of  all,  it  lets  you  spend  more  time  solving  business  problems 
and  less  time  solving  technical  problems. 


SUNGARD 

Availability  Services 


‘Potential  savings  based  on  IOC  White  Paper,  Ensuring  Information  Availability:  Aligning  Customer  Needs  with  an  Optimal  Investment  Strategy. 
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Thunderstone  chases 
Google’s  search  watermark 


Pros:  Powerful  and  accurate  search;  very 
tuneable  crawling  features;  good  price. 


Cons:  Significant  interface  issues;  weak  security 
posture  for  admini-stration;  lack  of 
enterprise-level  monitoring. 


Starting  at  $10,000  for  250,000  documents. 


BY  THOMAS  POWELL,  NETWORK  WORLD  LAB  ALLIANCE 

With  the  continuing  explosion  of  unstructured  Web-based  content  in  the 
enterprise,  a  quality  search  engine  is  no  longer  a  luxury  but  a  necessity 
Encouraged  by  reader  feedback  after  our  recent  Google  Search  Appliance 
Clear  Choice  Test  (see  www.networkworld.com,  DocFinder:  9521)  we  tested 
a  similar  product,  the  Thunderstone  Search  Appliance. 


The  Breakdown 


Search  48% 

4.5 

Administration  30% 

2.5 

Security  18% 

2.5 

Interface  18% 

2.5 

Installation  18% 

5 

Tetal  score 

3.55 

ScariagKiy: 

5:  Exceptional. 

4:  Very  good. 

3:  Average. 

2:  Below  average. 

1:  Subpar  or  not  available. 


Overall,  the  Thunderstone  Software  appliance  is  a  capa¬ 
ble,  flexible  and  fast  search  platform,  though  at  times  it  is 
hampered  by  its  lack  of  polish  in  the  areas  of  administra¬ 
tion  and  security 

Immediately  upon  installation  it  is  clear  the 
Thunderstone  appliance  does  not  hide  its  implementation 
details  well.  Packaged  in  a  custom  blue  case  is  a  fairly  stock 
RedHat  Linux  box  equipped  with  open  source  Webmin 
interface  for  addressing  system  tasks. 

To  configure  the  search  functionality  (see  How  we  did  it 
at  www.networkworld.com,  DocFinder.  9522),  we  had  to  use 
the  supplied,  very  rudimentary  Web-based  interface,  which 
simply  does  not  do  justice  to  the  power  of  the  search  pro¬ 
vided.  While  some  users  may  be  initially  attracted  to  what 
appears  to  be  a  simple  form-based  interface,  we  found  the 
forms  cluttered  and  confusing,  containing  little  or  no  field 
grouping,  and  rife  with  little  annoyances,  most  notably  one 
linehigh  scrolling  text  areas  that  don’t  allow  you  to  see  a 
field’s  contents  at  once.  During  testing  we  also  found  pages 
occasionally  not  displaying  the  requested  information. 

However,  once  you  get  beyond  the  interface  issues,  you 
will  see  that  the  system  allows  for  detailed  customization  of 
indexing  and  search  results.  When  building  a  search  index 
with  the  Thunderstone  appliance,  you  first  indicate  the 
starting  URL(s)  and  the  particular  file  types  to  include  or 
exclude  during  the  site  walk. 

If  you  take  the  time  to  explore  the  complete  walk  settings 
you  will  find  many  features  that  may  help  you  handle  the 
special  cases  you  might  encounter  during  a  site  walk.  For 
example,  it  is  possible  to  configure  the  system  to  remove 
the  contents  of  certain  types  of  tags  or  even  remove  com¬ 
monly  found  text  in  page  navigation,  headers  and  footers. 

However,  you  may  find  indexing  sites  with  form-based 
logons  very  difficult  to  do,  requiring  lots  of  trial  and  error  if 
you  want  to  do  more  than  basic  Web  authentication. 

We  were  happy  to  find  the  Thunderstone  crawler  (the 
Texis  software  the  company  has  offered  for  years)  was  able 
to  traverse  our  test  sites  fairly  easily  because  it  can  be  con¬ 
figured  to  execute  JavaScript  content,  including  external  .js 
files,  or  examine  strings  within  JavaScript  for  URLs  to  tra¬ 
verse  While  in  practice  this  helped  the  program  move 
around  sices,  there  were  situations  where  the  crawler  made 
mistakes  with  JavaScript  content  and  noted  many  pages  in 


error.  For  example,  on  one  test  site  that  used  Google 
AdSense,the  crawler  pulled  data  out  that  was  not  a  URL  to 
crawl.  However,  these  problems  were  forgivable  given  that 
many  crawlers  cannot  even  index  sites  that  rely  too  much 
on  JavaScript  for  navigation. 

After  building  a  search  index  you  can  edit  the  results, 
doing  things  such  as  removing  bad  entries  or  defining 
matches  for  particular  queries  called  Best  Bets.  You  can 
define  as  many  hard-wired  matches  as  you  like  for  particu¬ 
lar  particular  URL-keyword  combinations.  Unfortunately 
taking  advantage  of  this  would  be  incredibly  time  consum¬ 
ing  given  the  awkward  interface.  There  appears  to  be  no 
direct  way  to  manage  keyword  match-ups  en  masse  out¬ 
side  a  suspiciously  dangerous  work-around  suggested  on 
the  tech  support  site  to  export  all  settings  to  an  XML  file, 
make  changes  and  reimport  them. 

Keeping  the  search  index  up-to-date  on  the  Thunderstone 
appliance  is  easy  if  you  schedule  reindexing  processes.  We 
preferred  the  appliance’s  ability  to  perform  trigger-based 
crawling,  which  lets  the  appliance  watch  a  URL  and  rewalk 
a  site  when  the  contents  of  that  resource  changes. 

To  complete  the  configuration  you  will  want  to  configure 
the  search-results  page  and  integrate  a  search  box  into  your 
site.  For  most  sites  it  will  be  a  matter  of  defining  a  header 
and  footer  that  matches  the  visuals  of  the  site  to  wrap  the 
search  results  and  choosing  one  of  the  eight  defined  result 
styles.  Of  course  you  also  could  fetch  results  in  XML  and 
use  Extensible  Stylesheet  Language  Transformations  to 
transform  your  results  in  an  arbitrary  manner. 

The  value  of  the  search  results  was  generally  good.  For 
searches  for  known  unique  keywords  and  phrases  we  had 
nearly  the  same  results  for  Thunderstone  as  what  we  saw 
on  a  Google  Mini  being  used  as  a  control.  However,  in 
searches  for  less-unique  keywords  the  results  were  not 
always  as  useful  as  the  Google  search  results.  For  example, 
some  PDF  files  were  ranked  higher  because  of  the  create 
path  of  the  file  being  used  as  a  title.  In  other  queries,  land¬ 
mark  pages  such  as  home  pages  were  often  found  further 
down  in  result  lists.  Yet  when  tuning  the  ranking  features 
using  an  advanced  option  on  the  result  page  on  the 
Thunderstone  search,  results  often  more  closely  matched 
the  Google  appliance. 

One  aspect  of  Thunderstone’s  search  results  we  really 


liked  was  when  few  results  were  returned  the  “Did  You 
Mean  . . .  ?”  option  suggested  multiple  choices  rather  than 
just  one.  It  also  showed  the  number  of  hits  for  those  queries 
so  you  could  see  where  rich  results  sets  were. 

Administration-wise,  the  Thunderstone  could  stand 
some  improvement.The  current  version  does  not  support 
SNMP  integration.  In  terms  of  reporting,  with  the  Web 
interface  you  have  access  to  some  basic  system  logs  as 
well  as  some  rudimentary  query  reports.  Query  logging 
could  be  much  richer  and  should  be  searchable.  Besides 
richer  usage  data,  we  would  prefer  it  to  be  saved  in  a  Web 
common  log  format  so  that  it  could  be  easily  processed 
by  log  analysis  tools.  Furthermore,  it  really  does  not  seem 
a  good  idea  to  purge  the  query  logs  on  rewalk  as  it  erases 
valuable  historical  data. 

There  also  were  aspects  of  administration  that  were  quite 
nice,  such  as  a  software  updating  system  and  some  inte¬ 
grated  methods  to  send  technical  support  and  system  con¬ 
figuration  information  to  the  appliance. 

The  documentation  for  the  product  is  terse  and  could  be 
improved  with  screen  captures  and  more  examples  with 
explanations.The  help  system  is  not  very  well  done,  forcing 
you  to  jump  up  and  down  long  form  screens. 

Finally  we  were  disappointed  with  the  security  The  Web 
console  does  not  force  SSL  access  by  default  and  new 
users  are  created  with  full  administrator  privileges,  a  dan¬ 
gerous  prospect.  Fortunately  you  can  lock  down  access 
control  by  user  or  group,  but  in  a  convoluted  manner  com¬ 
pared  with  other  multiuser  systems  we’ve  tested.  The  sys¬ 
tem  also  allows  very  weak  passwords,  and  it  does  not  pro¬ 
vide  any  user  auditing  that  we  could  find.  Thunderstone 
indicated  that  a  future  revision  will  include  user  auditing. 

Thunderstone’s  Enterprise  Search  Appliance  is  a  fast  and 
flexible  offering  with  abundant  areas  for  fine  tuning  search. 
It  also  lacks  polish  and  can  be  awkward  to  use.  Yet  com¬ 
pared  with  a  Google  Search  Appliance  it  is  quite  inexpen¬ 
sive,  and  network  professionals  willing  to  put  in  some  time 
may  be  rewarded  with  a  powerful  search  facility  at  an 
affordable  price. 

Powell  is  the  founder  of  PINT  a  San  Diego  Web  develop¬ 
ment  and  consulting  firm.  He  can  be  reached  at 
tpowell@pint.  com. 
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HP  PROLIANT  BL20p  G3  BLADE  SERVER 


with  ProLiant  Essentials  Management  Software 

•  Up  to  2  Intel®  Xeon™  Processors  (3.60GHz/2MB)' 

•  High  density:  Up  to  48  servers  per  rack 

•  Flexible/Open:  Integrates  with  existing  infrastructure 

•  HP  Systems  Insight  Manager™:  Web-based  networked 
management  through  a  single  console 

•  Rapid  Deployment  Pack:  For  ease  of  deployment  and 
ongoing  provisioning  and  reprovisioning 

•  Integrated  Cisco  or  Nortel  switch  options 


HP  STORAGEWORKS  MSA1500cs 


Get  2TB  of  Storage  Free  ($2,800  Value)1 

•  Up  to  24TB  of  capacity  (96  250GB  SATA  drives) 

•  Up  to  16TB  of  capacity  (56  300GB  SCSI  drives) 
■  Ability  to  mix  SCSI  and  Serial  ATA  enclosures 

for  greater  flexibility 

•  2GB/1GB  Fibre  connections  to  host 


F  Download  a  free  I  DC  while  paper: 

Reducing  Total  Cost  of  Ownership 
Through  the  Use  of  Blade  Systems. 

Save  $750  instantly 

on  a  blade  enclosure  solution? 

See  Web  stte  for  details. 


The  HP  ProLiant  BL20p  G3  blade  server  with  the  Intel5  Xeon™  Processor  simplifies  server  management.  In  fact,  its 
so  simple,  you  can  even  manage  it  remotely  through  leading  Web  browsers  using  HP  iLO  technology.  And 
not  only  is  it  simple  to  manage,  it's  also  simple  to  monitor  and  set  up.  It  all  starts  with  the  Rapid  Deployment  Pack, 
giving  you  an  automated  setup  process  to  configure  and  deploy  servers  at  high  volume  and  a  rapid  pace. 
Then  HP  Systems  Insight  Manager™  gives  you  a  real-time  overview  of  system  performance,  even  alerting  you 
to  potential  problems  before  they  occur.  Plus,  you  can  bundle  it  with  the  HP  StorageWorks  MSA1500cs  to  make 
storing  your  data  simple,  scalable  and  affordable.  So  with  HP,  you  get  more  expertise  before  you  buy,  more 
technology  when  you  do  and  more  support  after.  Wherever  you  happen  to  be. 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SERVICES 


1.  Intel's  numbering  is  not  a  measurement  of  higher  performance.  2.  Receive  up  to  2TB  of  storage  free  with  purchase  of  HP  StorageWorks  Modular  Smart  Array  1500cs  devices.  Offer  valid  through  10/31/05.  3.  Save  $750  instantly  on  the  purchase  of  a  BladeSystem  pCIass  1U  power  enclosure  solution.  Offer  valid 
through  10/31/05.  All  offers  available  from  HP  Direct  and  participating  resellers.  Prices  shown  are  HP  Direct  prices,  are  subject  to  change  and  do  not  include  applicable  state  and  local  sales  tax  or  shipping  to  recipient's  destination.  Reseller  prices  may  vary.  See  Web  site  for  full  details.  Photography  may  not  accurately 
represent  exact  configurations  priced.  Associated  values  represent  HP  published  list  price.  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Xeon  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  ©2005  Hewlett-Packard  Development  Company,  L.P. 


"This  little  thing 

KX  butt!" 


Introducing  the  next 
generation  of  KVM 

The  Dominion  KX101 


Actual  Size 


All  the  power  of  our  Dominion®  KX  packed  into  a  smaller,  incredibly  versatile  form  factor. 

•  Deploy  them  by  the  hundreds,  even  in  dispersed  locations. 

•  Manage  them  all  centrally  through  a  single  IP  address. 

•  Get  to  them  all  without  the  access  limitations  of  a  KVM  switch. 

Visit  us  online  to  learn  more  about  switchless  KVM  and  the  future  of  infrastructure  management. 


www.KXbutt.com  ^Raritan. 

When  you're  ready  to  take  control.™ 


©  2005  Raritan  Computer.  Inc.  Raritan  and  Dominion  are  registered  trademarks  of  Raritan  Computer,  Inc. 
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■  CAREER  DEVELOPMENT  Bf  PROJECT  MANAGEMENT  HI  BUSINESS  JUSTIFICATION 


How  to  deal  with  discontinued  gear 

A  vendor  pulling  the  plug  on  key  equipment  affords  you  ample 
upgrade  opportunities. 


BY  TIM  GREENE 


James  Wiedel  faces  a  predicament:  Cisco  has 
announced  it  will  stop  selling  and  supporting  its 
ONS  15540  dense  wavelength  division  multiplex¬ 
ing  platform,  and  he  has  three  of  them  in  his  network  at 
the  University  of  Southern  California  in  Los  Angeles. 


It’s  not  a  pressing  problem  because  the 
last  day  of  sale  for  the  gear  is  Jan.  3 1,2006, 
and  it  will  be  supported  until  Jan. 31,2011, 
but  Wiedel  has  already  started  thinking 
about  his  options. 

And  that  is  just  the  right  thing  to  do  to 
carry  out  a  smooth  and  effective  transi¬ 
tion  from  old  gear  to  new,  industry 
experts  say. 

When  a  vendor  decides  to  pull  the  plug 
on  a  product,  it  can  leave  business  cus¬ 
tomers  scrambling  for  a  replacement.  But 
if  customers  are  well  prepared,  the  demise 
of  the  gear  can  be  an  opportunity  to 
upgrade  to  less  costly  more  efficient  prod¬ 
ucts  that  sport  more  features. 

Wiedel,  the  director  of  networking  at 
USC,  has  looked  at  newer  DWDM  gear 
that  costs  tens  of  thousands  of  dollars 
as  opposed  to  the  ONS  15540s,  which 
cost  more  than  $700,000,  he  says.  He 
plans  to  keep  the  equipment  in  the  net¬ 
work  until  he  finds  it  lacks  the  features 
that  USC  needs. 

Being  well  prepared  for  product  end-of- 
life  is  key,  says  Jean  Ritala,  secretary  of 
the  IT  Service  Management  Forum  USA. 
The  group  proposes  that  IT  departments 
adhere  to  strict  processes  when  it  comes 
to  the  life  cycle  of  hardware  and  soft¬ 
ware,  with  most  hardware  scheduled  to 
be  replaced  every  three  to  five  years.That 
way  when  notice  comes  that  a  piece  of 
equipment  is  being  dropped,  chances 
are  it  will  already  be  scheduled  for 
replacement  before  the  vendor  suspends 
support  for  it,  she  says. 

When  an  end-of-life  situation  arises,  IT 
executives  and  those  who  hold  the  purse 
strings  are  then  in  a  better  position  to  deal 
with  it.“It’s  important  so  there’s  no  surpris¬ 


es,  especially  devices  that  cost  a  lot  of 
money.  [Financial]  executives  don’t 
want  surprises,”  Ritala  says.  Preparation 
lets  IT  build  upgrades  into  future  bud¬ 
gets  rather  than  trying  to  squeeze  the 
funds  out  of  current  budgets  by  cancel¬ 
ing  other  purchases,  she  says. 

Part  of  the  process  is  setting  up  a  data¬ 
base  of  what  gear  is  in  a  network  and 
how  it  is  configured,  and  possibly  using 
software  tools  to  automate  the  task,  she 
says.  If  automation  is  used,  it  is  also 
essential  to  regularly  check  a  random 
sample  of  devices  by  hand  to  make  sure 
the  locations  and  configurations  match 
what’s  in  the  database. 

Good  data  of  this  type  enables  network 
executives  to  act  quickly  when  they  are 
hit  with  an  end-of-life  notice  for  a  partic¬ 
ular  device,  says  Trent  Waterhouse,  vice 
president  of  marketing  for  Computer 
Associates.  “How  many  do  I  have,  and 
where  are  they?  If  I  see  I  have  100  of 
them  and  90  of  them  are  on  the  latest 
version  of  firmware,  let  me  make  sure  I 
get  the  last  10  up  to  the  last-known  sup¬ 
ported  version,”  he  says. 

An  updated  inventory  has  helped 
Wiedel,  who  faces  a  more-pressing  chal¬ 
lenge  than  replacing  his  optical  equip¬ 
ment.  Entarasys  has  ended  support  for 
about  100  SmartSwitch  2200  switches 
that  were  in  his  network,  and  he’s  in  the 
midst  of  replacing  them.  Enterasys  also 
is  dropping  the  Ethernet  blades  he  has 
in  more  than  800  SmartSwitch  6000 
chassis  across  the  network.  But  he  knows 
where  they  all  are  and  how  many  he 
has,  which  has  made  planning  the 
upgrade  easier,  he  says. 

So  far  he  has  pulled  most  2200  switch¬ 


es  from  his  network  and  moved  the  rest 
to  less-demanding  spots.  He  had  begun 
moving  to  Enterasys’  next-generation 
Ethernet  blades,  so  he  scoured  his  net¬ 
work  for  unused  ports  on  those  blades 
and  consolidated  them  as  much  as  pos¬ 
sible,  freeing  up  several  blades. 

So  far  the  cost  has  been  minimal,  and 
he  has  not  budgeted  for  a  wholesale 
replacement. 

When  a  discontinuation  notice  arrives, 
IT  executives  have  to  decide  whether  to 
stay  with  a  vendor  or  seek  another, 
which  should  include  a  look  at  how 
well  the  previous  equipment  per¬ 
formed.  “Look  at  the  records,  and  if  you 
see  more  trouble  tickets  associated,  con- 


End-of-life  checklist 

When  a  vendor  gives  word  that  it's 
discontinuing  a  product,  it's  not  the 
end  of  the  world  for  customers. 
Here  are  some  tips  for  turning  the 
situation  around. 

Establish  a  database  of  equipment,  configuration 
and  versions  of  software  now  to  make  it  easer 
to  determine  the  impact  of  an  end-of-life  notice; 

-  Determine  whether  the  discontinued  gear  is  fully 
depreciated  and  ready  to  be  retired. 

Find  a  new,  less  critical  place  in  your  network 
for  the  old  gear  before  selling  it  off  or  tossing 
it  on  the  junk  heap. 

Consider  keeping  the  gear  in  the  network,  but 
stockpile  spares  for  inevitable  breakdowns. 

Listen  to  the  vendor  terminate  a  particular 
product  for  a  possible  viable  migration  path. 

Shop  around  with,  other  vendors  to  increase  your 
bargaining  position  if  a  swap-out  seems  inevitable. 


sider  a  new  vendor,”  Waterhouse  says. 

IT  departments  should  always  research 
options  from  other  vendors,  says  Zeus 
Kerravala,  vice  president  of  enterprise  net¬ 
working  at  The  Yankee  Group.  “If  you’re 
going  to  retire  a  product, do  a  comparative 
cost  evaluation.  It  gives  you  price  leverage 


if  nothing  else  when  you  negotiate  with 
your  current  vendor]’  he  says. 

In  Wiedel’s  case,  Enterasys  had  per¬ 
formed  well  and  had  an  upgrade  path 
that  matched  his  plans.  It  is  dropping  its 
old  hardware  cards  for  the  6000  series 
chassis  but  will  support  new  ones.  Fitting 
the  old  chassis  with  the  new  Ethernet 
blades  rather  than  buying  all  new 
switches  was  attractive. “It  saves  a  whole 
bunch  of  money”  he  says.  “We  just  do  a 
blade  swap,  and  you  may  only  be  chang¬ 
ing  out  one  card  in  a  chassis.”  He  would 
not  detail  the  costs. 

The  upgrade  presented  an  opportunity 
to  solve  problems  that  had  been  loom¬ 
ing,  Wiedel  says.  For  instance,  USC  was 
upgrading  its  wireless  authentication, 
which  required  virtual  LAN  features 
found  only  on  newer  Enterasys  Ethernet 
cards,  he  says.  So  switches  linked  to  the 
wireless  gear  have  gotten  the  upgrades, 
but  others  can  wait.  “We’re  started  on  a 
slow  migration,”  he  says. 

A  gradual  transition  is  a  good 
approach,  because  it  gives  IT  executives 
the  chance  to  spread  out  the  cost  to 
decide  whether  it  makes  sense  to  move 
old  equipment  to  less-important  loca¬ 
tions,  Kerravala  says. “So  if  it’s  a  data  cen¬ 
ter  switch,  you  might  move  it  to  the 
wiring  closet.  If  it’s  a  core  switch,  move  it 
to  a  big  branch”  he  says. 

Vendors  usually  give  notice  well  before 
they  stop  selling  gear,  so  if  a  business 
decides  it  needs  to  keep  a  product  in  its 
network  past  the  support  date,  they  have 
the  chance  to  buy  more  while  they’re 
still  available  and  keep  them  around  for 
spare  parts,  Kerravala  says. 

Whatever  replacement  decision  is 
made,  USC’s  Wiedel  says,  the  most- 
important  thing  is  to  make  sure  the  tran¬ 
sition  keeps  services  running  and  dis¬ 
rupts  end  users  as  little  as  possible.  One 
strategy  for  that  is  making  small-scale 
swaps  to  learn  how  to  avoid  pitfalls. 
“Take  a  test  net  and  try  to  do  a  conver¬ 
sion  on  that  and  find  all  the  little  buga¬ 
boos  you’re  going  to  get.  You’ll  never 
know  what  isn’t  going  to  work  and  what 
is  going  to  work  until  you  try,”  he  recom- 
mends.“Plan  big, start  small.”  ■ 
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Increase  your  data  center  availability 


...with  APC  Rack  Power  Distribution 


Avoid  overloading  circuits 

Monitor  the  current  draw  as  you  install  equipment 

Protect  circuit  from  unauthorized  use 

Turn  outlets  off  when  not  in  use 

Avoid  in-rush  current  overload 

Outlets  are  turned  on  sequentially 

Manage  power  via  Network  Interfaces 

Built-in  Web,  SNMP,  Telnet  support 

Power  Distribution  Units 

•  Basic:  Vertically  and  horizontally  mounting  with  a 
range  of  amps  and  voltages 

•  Metered:  Ability  to  monitor  the  current  draw  and 
set  alarm  thresholds  that  when  exceeded,  provide 
both  visual  and  audible  alarms 

•  Switched:  Advanced,  remote  power  distribution 
and  control.  User  configurable.  Users  can  configure 
the  sequence  in  which  power  is  provided  to 
individual  receptacles  upon  start  up. 


Enter  to  WIN  a  FREE  APC  Rack  PDU  today. 

Visit  http://promo.apc.com  Key  Code  f894x  •  Call  888-289-APCC  x6790  •  Fax  401-788-2797 

©2005  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners.  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road,  West  Kingston.  Rl  02892  USA 


APC's  advanced  power  distribution  units 
distribute,  monitor  and  remotely  control 
power  in  rack  enclosures. 

Now  you  can  remotely  control  power  to 
individual  outlets  and  monitor  aggregate 
power  consumption  via  local  and  remote 
displays.  Access,  configure  and  control  the 
APC  Switched  Rack  PDU  through  Web, 
SNMP  or  Telnet  interfaces. 

From  basic  power  distribution  to  controllable 
outlets,  APC  has  solutions  up  to  14.4  kW  to 
fit  your  IT  environment  needs.  See  our  entire 
line  of  rack  PDUs  online  at  www.apc.com. 


Every  product  carrying  this  mark  has  been 
tested  and  certified  for  use  with  InfraStruXure™ 
architecture.  Before  you  buy,  check  for  the  X  to 
guarantee  product  compatibility. 


With  over  15  million 
satisfied  customers, 

TM 

APC's  Legendary  Reliability 
guarantees  peace  of  mind. 


Legendary  Reliability® 


AX4A05EP-US 


TAP  into  Performance 

Monitor  mission-critical  links  with  the 
latest  technology  through  new  nTAPs 

Stop  jeopardizing  network  performance  and  risking  costly  downtime.  Be  confident  you 
have  maximum  visibility  into  your  full-duplex  links  by  configuring  an  nTAP  solution  that 
fits  your  network  and  budget.Visitwww.networkTAPs.com/visibilitytoday. 


Ethernet  Copper nTAP 

For  copper-to-copper  connections 
Choose  your  speed: 

10/100 . . $395 

10/100/1000  . $995 


» 

10/100/1000  Conversion  nTAP 

Copper  input  with  copper  or 

fiber  output  options 

1 

Choose  your  analysis  output: 

1 

SX . 

$1,495 

p 

LX . 

$1,495 

y  :'W% 


_ 

L . . 

J 

Optical  Fiber  nTAP 

Multiple  split  ratios 

Choose  your  port  density: 

Single  channel . 

$395 

Four  channel . 

$1,795 

Six  channel . 

$2,395 

To  learn  more  about  how  nTAPs  can  boost  your  network  visibility  and  which  configuration  option 
is  best  for  you,  go  to  www.networkTAPs.com/visibility  or  call  866-GET  nTAP  today. 

Free  overnight  delivery* 


m 


C  £  ‘Free  overnight  delivery  on  all  U.S.  orders  over  $300.00  confirmed  before  1 2  pm  CST. 

r?TAP  and  the  nTAP  logo  are  trademarks  or  registered  trademarks  of  Network  Instruments,  liC 
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Production  Tracking  Over  Ethernet 
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00000(3 

000000 
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Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


Features  £  Benefits 

•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Bad  e  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection 
Program  Included 

•  Larger  keyboard  and 
display  sizes  available 
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COMPl  IERWISE. 

Call  1-800-255-3739  or  visit  www.computerwise.Gom 


maybe  it’s  time 
you  look  at 

AdaptiveKVM” 

When  servers  are  down  or  inaccessible,  you  need 
fast  and  reliable  out-of-band  access  and  control. 

Cyclades  AdaptiveKVM™  (patent  pending)  is  the  industry's  first 
integrated  solution  that  combines  KVM  over  IP  and  Microsoft® 
Remote  Desktop  Protocol  (RDP)  technology  in  a  single 
appliance.  By  using  KVM  over  IP  combined  with  RDP, 
AdaptiveKVM  provides  continuous  access  for  remote  server 
management. 


Next-Generation  KVM  Solution 


AlterPath™  KVM/netPlus 

1 ==:: :  Download  a  FREE  White  Paper  on  AdaptiveKVM 

|  www.cyclades.com/akvm 


- 


www.cyclades.com/nw 

1 .888.cyclades  •  sales@cyclades.com 

&200S  Cydodes  (orpor  ohosi  AH  rights  reserved.  AH  other  Irodwicrks  and  product  images  are  property  oi  their  resp«hve  woers.  Product  information  svfc)«t  to  change  *dx  w 


cyclades 


ROSE  US 
ROSE  EUROPE 
ROSE  ASIA 
ROSE  AUSTRALIA 


281  933  7673 
+44  (0)  1264  850574 
+  65  6324  2322 
+  617  3388  1540 


ELECTRONICS 


LOCAL  OR  REMOTE  SERVER  MANAGEMENT  SOLUTIONS 

■  MATRIX  KVM  SWITCH  WITH 

INTEGRATED  REMOTE  ACCESS  OVER  IP 


UltraMatrix™ 

Remote 


UltraMatrix™ 

E-series 


■  PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


KVM  SWITCH 


KVM  OVER  IP 


System-wide  connectivity  over  IP  worldwide  and  locally 
Connects  1,000  computers  to  up  to  256  user  stations 
Supports  PC,  Sun,  Apple,  USB,  UNIX,  serial  devices 
High  quality  video  up  to  1280  x  1024 
Secure  encrypted  operation 

View  real-time  video  from  4  computer  connections  with 
quad-screen  mode 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 

On-screen  menu  informs  you  of  connection  status  between  units 

in  an  expanded  system 

Powerful,  expandable,  low  cost 

No  need  to  power  down  most  servers  to  install 

Security  features  prevent  unauthorized  access 

Free  lifetime  upgrade  of  firmware 

Video  resolution  up  to  1600  x  1280 

Available  in  several  models 

Easy  to  expand 


The  UltraMatrix  Remote  represents  the  next  generation  in  KVM  switches  with  IP  access.  It 
provides  a  comprehensive  solution  for  remote  server  access  over  IP  and  local  as  well. 


The  UltraMatrix  E-Series  represents  the  latest  in  KVM  matrix  switch  technology,  at  an 
affordable  price.  The  E-Series  allows  you  to  connect  up  to  256  user  stations  to  as  many  as 
1,000  computers.  The  UltraMatrix  E-Series  is  available  in  several  sizes:  2x4,  2x8,  2x16, 
4x4,  4x8,  4x16,  1x8,  and  1x16  in  either  PC  or  multi-  platform. 


■  KVM  RACK  DRAWERS  WITH  KVM  SWITCH  OPTION 


RackViews  offer  the  latest,  most  efficient  way  to  organize  and  streamline  your 
server  rooms  and  multiple  computers. 

The  RackView  is  a  rack  mountable  KVM  console  neatly  fitted  in  a  compact  pull-out 
drawer.  This  easy-glide  KVM  drawer  contains  a  high-resolution  TFT/LCD  monitor,  a 
tactile  keyboard,  and  a  high-resolution  touchpad  or  optical  mouse. 


XtendVue  RackView 

Vertical  Rack  mountable  LCD  Fold-Forward 

With  Built-in  KVM  Extender 


RackView 

Fold-Back 


RackView 
LCD  Monitor 


RackView 

Keyboard 


SENSAPHONE 

IMS-4DDD 


Monitor  the  REST  of  your  Computer  Room! 


•  Water  on  the  Floor 

•  Temperature 

•  Power  Problems 

•  Security 

•  Smoke  and  Fire 

•  Humidity 

•  Video 

•  And  much  more 


Sends  Monitors  Embedded 

SNMP  64  Web 

Messages  IP  addresses  Server 


Sends  Power 

E-Mail  Outage 

\  Alarming 

_ i 


Internal 

UPS 


' 

'  '••■•A,  / 

_  _  _  i„|'Mtrualu» 

IMS-0000 

• 

*r 

■ m 

Modem 
&  Pager  Port 


Microphone 

(or  Sound 
Monitoring 


Sensor  Inputs 

(Temperature.  Humidity, 
Wattr.  Motion.  Power, 
Smoke/Fire) 

Expandable 


K 


Tel:  877-373-2700 
Cy^vy,w/im5-4000.com 
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SENSAPHONE 
901  Tryens  Road 
Aston,  PA  19014 


NETWORKWORLD 

SUBSCRIPTIONS 

Each  week  Network 
World  delivers  an 
extensive  line-up  of 
product,  service 
and  industry  news, 
analysis,  case 
studies,  buyer's 
guides,  expert 
opinion  and  management 
advice  that  Network  IT 
Executives  rely  on  to  get  their 
job  done. 

To  subscribe  visit: 
apply,  nww.com/free05 

Network  World,  Inc.,  j  118  Turnpike  Road,  Southborough,  MA  01772  j  (508)460-3333 


Choose  a  network  analyzer  that  puts  you  in  the  driver's  seat. 


:ook  mot  vs  is 


How  much  does  your  network  analyzer  see? 

Observer  is  the  only  fully  distributed  network  analyzer  built 
to  monitor  the  entire  network  (LAN,  802.1 1  a/b/g.  Gigabit, 

WAN).  Download  your  free  Observer  1 0  evaluation  today 
and  see  how  Observer  puts  you  in  the  driver's  seat  with  more 
real-time  statistics,  more  in-depth  analysis  and  more  network 
advantages  than  ever  before.  Choose  Observer. 

-CRPRC  i  tv  PtRnn  i  nc-  Determine  how  much  bandwidth 
your  router  will  need  based  on  historical  usage  patterns  with 
Network  Trending. 

-fores  i  GRT  -  Predict  how  network  changes  will  affect 
your  response  times  with  "What-lf  ’  Modeling  Analysis. 

-no  S  i  GRRi  -  Find  rogue  access  points,  monitor  access 
point  load  and  scan  wireless  channels  continuously  with  over 
50  WLAN  Expert  Conditions. 

toll  free  800.526.5958 
fax  952.358.3801 

+44(0)1959569880 

www.networkinstruments.com/analyze 
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US  &  Canada 
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UK  &  Europe 


Looking  ahead  to  your  next 
network  project? 

Need  information  now? 

Check  out  VENDOR  SOLUTIONS  for  the  most 
comprehensive  information  on  network  IT  products 
and  solutions  for  your  business  including: 

►White  Papers 
►Special  Reports 
►Partner  Sites 
►Webcasts 

►Marketplace  Product  Finder 
Visit  www.networkworld.com/vendorsolutions  today. 
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How  Do  You  Distribute 


Power  in  Your  Data 
Center  Cabinet? 


r  -  -  -  V;'.  v 


. 


With  Sentry! 

CDU  Product  Family:  Metered,  Smart  &  Switched 


The  Sentry  CDU  distributes  power  for  Blade  servers  or  up  to  42  dual 
power  1U  servers  in  one  enclosure.  Single  or  3-phase  input  with 
110VAC,  208VAC  or  mixed  110/208VAC  single-phase  outlet  receptacles. 


Metered  CDU 

>  Local  input  Current  Monitoring 
Smart  CDU 

>  Local  Input  Current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power  Temperatures 
and  Humidity 


Switched  CDU 

>  Local  input  current  Monitoring 

>  Supports  External  Temperature  and 
Humidity  Probes 

>  IP  Monitoring  of  Power,  Temperatures  ’  * 

jnH  W?  imiH'fi, 


and  Humidity 

>  Remote  Power  Control  of  Each  Outlet.. 


—  On /Off /Reboot 


Server  Technology 
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Network  World  Events  and  Executive 
Forums  produces  educational  events 

Events  and  Executive  Forums  and  executive  forums  w0rldwide’ 

customized  on-site  training,  and 
DEMOmobile®,  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.networkworld.com/events. 


including  our  one  day  technology  Tours, 
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AT&T  through  the  years 
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Alexander  Graham 
Bell  Invents  telephone, 
founds  company. 
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Invention  of  loading  coils 
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New  York  to  Chicago  call  costs  $9  for  5  minutes. 


Settles  first  antitrust  suit; 
divests  Western  Union. 


Installs  first  dial  phones;  last  manual 
telephones  converted  in  1978. 


U.S.-London  link  handles  one 
call  at  a  time;  $75  for  3  minutes. 


AT&T 

continued  from  page  1 

know  it  will  be  gone. 

Interviews  with  former  AT&T 
insiders,  regulators,  analysts  and 
other  observers  concluded  one 
thing:  It  didn’t  have  to  end  this 
way. 

“It’s  a  sad,  sad  outcome,”  says 
the  reflective  Block. 

The  M  trait 

AT&T’s  end  actually  has  some¬ 
thing  to  do  with  its  beginning.The 
company  became  a  monopoly  in 
the  early  1900s  and  tried  to  con- 

AT&T:  Fall  of  an  icon  11 

tinue  to  operate  this  way  even 
after  the  1984  breakup,  observers 
say 

“AT&T  always  thrived  in  the  old 
days  on  the  absoluteness  of  its 
monopoly  says  Fred  Goldstein, 
principal  of  Ionary  Consulting 
and  author  of  The  Great  Telecom 
Meltdown.  “The  company  was 
built  around  the  structure.” 

That  structure  was  introduced  in 
1907  by  then  AT&T  President 
Theodore  Vail,  who  created  the 
Bell  system  by  lashing  together 


several  local  phone  networks 
across  the  country  Vail  argued 
that  the  most  efficient  way  to 
make  telephone  service  universal 
was  to  establish  AT&T  as  a 
monopoly  protected  by  govern¬ 
ment  regulation. 

The  Vail  model  stood  for  the 
next  77  years, building  the  compa¬ 
ny  into  a  behemoth  with  $150  bil¬ 
lion  in  assets,  $70  billion  in  rev¬ 
enue  and  1  million  employees. Yet 
it  also  made  management  com¬ 
placent,  insular  and  resistant  to 
change. 

Being  a  monopoly  meant  hav¬ 
ing  few,  if  any  competitors.  And 
having  no  competition  meant  few 
strategic  decisions  had  to  be 
made  —  it  was  all  about  mainte¬ 
nance  of  the  status  quo. 

At  the  root  of  the  problem  was 
management  inertia.  Up  until  the 
mid-1990s  AT&T  was  reluctant  to 
hire  outsiders,  for  fear  of  intro¬ 
ducing  philosophical  change, 
Goldstein  says. 

“To  get  to  the  top  of  the  compa¬ 
ny  you  had  to  be  promoted  over 
25  times,”  he  says.  “If  you’re  enti¬ 
tled  to  one  promotion  a  year  at 
most,  each  time  you  took  a  job 
you  immediately  began  work  on 
your  next  promotion.  You  never 
stayed  more  than  a  year  so  you 


never  had  time  to  learn  your  job. 
You  had  a  management  culture 
composed  of  people  who  didn’t 
really  understand  the  business 
but  they  understood  internal  poli¬ 
tics  and  they  understood  sucking 
up.  When  the  world  changed  it 
was  very  hard  for  the  organization 
to  adapt.” 

The  company  couldn’t  even 
capitalize  on  its  own  innovations, 
such  as  the  1947  invention  of  the 
transistor,  which  reinvented  elec¬ 
tronics,  communications  and 
computing.  “They  put  themselves 
out  of  business  because  [the  tran¬ 
sistor]  led  to  an  increase  in  the 
rapidity  of  change,” Goldstein  says. 

Breaking  up  is  hard  to  do 

Change  was  finally  foisted  on 
AT&T  in  1984  when  it  agreed  to 
divestiture  to  end  a  long,  con¬ 
tentious  antitrust  suit  brought  by 
the  U.S.  Department  of  Justice. 
AT&T  had  two  choices:  spin  off  its 
22  local  operating  companies 
into  seven  Bell  holding  compa¬ 
nies,  while  retaining  equipment 
manufacturing  and  R&D  — 
Western  Electric  and  Bell  Labs, 
respectively;  or  retain  the  Bell 
operating  companies  and  divest 
equipment  manufacturing  and 
R&D. 

AT&T  chose  the  former  and  it 
turned  out  to  be  a  colossal  blun¬ 
der.  The  carrier  didn’t  foresee  that 
equipment  would  become  a  com¬ 
modity,  that  calls  would  just 
become  calls  —  no  matter  local 
or  long-distance  —  and  that  the 
real  value  would  be  in  owning  the 
customer,  a  truism  that  would  ulti¬ 
mately  give  the  Bells  control  of 
the  market. 

‘An  awful  lot  of  money  was 
wasted  in  trying  to  find  a  way  to 
stay  in  the  equipment  business 
long  after  it  was  obvious  that’s  the 
last  business  you  wanted  to  be 
in,”  says  Block,  who  retired  from 
AT&T  in  1986.  “The  whole  eco¬ 
nomics  of  the  business  was  built 
around  the  local  exchange.” 

What’s  more,  Block  says  it  felt 


like  AT&T  never  really  shook  off 
the  monopoly  cloak.“It  seemed  to 
me  that  management  was  not  suf¬ 
ficiently  aware  that  the  divestiture 
of  the  Bell  companies  destroyed 
the  Vail  model,  and  a  whole  new 
business  model  had  to  be 
devised,”  he  said.  “Instead,  all  of 
the  efforts  seemed  to  go  into  tak¬ 
ing  the  leftover  parts  and  trying  to 
make  businesses  out  of  them. 
Some  of  them  had  no  future.” 

Although  it  was  a  shadow  of  its 
former  self,  after  divestiture  AT&T 
was  still  the  industry  heavyweight 
with  $34  billion  in  revenue  and 
373,000  employees. 


More  change  to  bungle 

While  AT&T  landed  on  its  feet 
and  successfully  built  up  its  ser¬ 
vices  and  brand,  the  1990s  saw  a 
series  of  high-profile  strategic  fits 
and  starts,  none  of  which  went 
right. 

By  acquiring  computer  vendor 
NCR  in  1991  for  $7.3  billion,  AT&T 
placed  a  bold  bet  on  a  future 
about  integrated  computing  and 
communications.  But  the  deal 
never  resulted  in  any  advances 
and  AT&T  jettisoned  NCR  in  1996 
at  a  substantial  loss.  It  also  spun 
off  its  Western  Electric  equipment 
See  AT&T,  page  65 


A  history  of  antitrust  trouble 

The  1982  decision  leads  to  divestiture  and  marks  the  beginning 
of  AT&T's  downfall. 

1913:  AT&T  settles  first  federal  antitrust  suit  with  an  agreement  that  formally 
establishes  AT&T  as  a  government-sanctioned  monopoly.  AT&T  agrees  to  divest  the 
controlling  interest  it  had  acquired  in  Western  Union,  and  to  allow  non-competing 
independent  telephone  companies  to  interconnect  with  its  long-distance  network. 

1956:  AT&T  and  the  U.S.  Justice  Department  agree  on  a  consent  decree  to  end 
an  antitrust  suit  brought  against  AT&T  in  1949.  AT&T  restricts  its  activities  to  those 
related  to  running  the  national  telephone  system,  and  special  projects  for  the  federal 
government. 

1982:  AT&T  and  the  Justice  Department  settle  an  antitrust  suit  Died  against  the 
company  in  1974.  AT&T  agrees  to  divest  itself  of  its  local  telephone  operations.ln 
return,  the  Justice  Department  agrees  to  lift  the  restrictions  on  AT&T  activities 
contained  in  the  1956  consent  decree. 

SOURCE:  'MILESTONES  IN  AT  AT  HISTORY,"  WWW.ATT.COM/HISTORY/MILESTONES.HTML 


Telecom  deals 
clear  D0J  hurdles 

BY  GRANT  GROSS,  IDG  NEWS  SERVICE 

Action  last  week  by  the  U.S.  Department  of  Justice  brings  nearer  to 
completion  two  major  telecom  deals:  SBC’s  acquisition  of  AT&T  and 
Verizon’s  purchase  of  MCI. 

As  Network  World  went  to  press  Friday  afternoon,  the  FCC  also  was  in 
a  meeting  that  was  expected  to  address  the  two  deals,  although  it  was 
unclear  whether  either  would  be  voted  upon  at  that  time.  Several  states 
still  need  to  approve  the  transactions. 

While  approving  both  acquisitions  last  week,  the  Justice  Department 
will  require  the  two  merged  telecom  giants  to  divest  some  fiber-optic 
network  facilities. The  acquisitions,  as  originally  proposed,  would  have 
caused  higher  prices  for  some  business  customers  in  eight  metropoli¬ 
tan  areas  in  Verizon’s  territory  and  1 1  metropolitan  areas  in  SBC’s  terri¬ 
tory  the  Justice  Department  said. 

But  the  agency  also  seemed  to  reject  arguments  made  by  some  other 
telecom  carriers  and  consumer  groups,  which  said  the  two  mergers 
would  drive  up  prices  for  most  customers. The  Department  of  Justice’s 
investigation  found  that  the  acquisitions  are  “likely  to  generate  substan¬ 
tial  efficiencies  that  should  benefit  consumers,”  the  agency  said. 

The  Department  of  Justice  complaint  says  Verizon  and  MCI  are  the 
only  firms  that  control  a  direct  wireline  connection  to  hundreds  of 
buildings  in  the  metropolitan  areas  of  Washington-Baltimore;  Boston; 
New  York;  Philadelphia;Tampa,Fla.;  Richmond, Va.;  Providence,  R.I.;  and 
Portland,  Maine. The  merger  would  eliminate  competition  for  facilities- 
based  private-line  service  to  those  buildings. 

Similarly  SBC  and  AT&T  are  the  only  firms  that  control  a  direct  wire- 
line  connection  to  some  buildings  in  the  metropolitan  areas  of 
Chicago;  Dallas-Fort  Worth;  Detroit;  Hartford-New  Haven,  Conn.; 
Indianapolis;  Kansas  City  Mo.;  Los  Angeles;  Milwaukee;  San  Diego;  San 
Francisco-San  Jose;  and  St.  Louis.  ■ 
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maker  NCR. 


2000 


1990 


t 
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Splits  into  three  companies: 
AT&T  (services),  Lucent 
(products,  services),  NCR 
(computers). 


2000 


Data  traffic  tops  voice  for  first  time. 

2001  - 

Spins  off  AT&T  Wireless. 

2002  - 

AT&T  Broadband  merges  with  Comcast. 

2004  - 

Abandons  pursuit  of  consumer  voice  business. 

2005  - 

Acquired  by  SBC  pending  regulatory  approval. 

Oct.  27, 2005 

SBC  announces  it  will  adopt  AT&T  brand  name  once  deal  is  finalized. 


AT&T 

continued  from  page  64 

and  Bell  Labs  R&D  business  into 
what  is  now  known  as  Lucent,  a 
restructuring  that  was  known  at 
the  time  as“trivestiture.” 

“I’m  not  aware  of  any  NCR  suc¬ 
cesses,"  says  Sheldon  Hochheiser, 
a  16-year  company  historian  at 
AT&T  who  left  the  company  last 
year.  “By  the  mid-’90s  [AT&T 
Chairman  Robert]  Allen  realized 
there  were  negative  synergies 
having  long-distance  and  manu¬ 
facturing  businesses.  Recogniz¬ 
ing  this  and  acting  on  it  is  a  very 
positive  thing  for  Allen  to  have 
done.” 

Concurrent  with  AT&T’s  trivesti- 
ture,  Congress  was  passing  new 
telecom  legislation  in  the  form 
of  the  Telecommunications  Act 
of  1996.  The  act  sought  to  spur 
competition  by  allowing  the 
RBOCs  to  enter  the  long-distance 
market  if  they  allowed  long-dis¬ 
tance  carriers  access  to  local 
loops  at  government-mandated 
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wholesale  rates. 

At  the  time  of  the  Telecom  Act, 
AT&T’s  market  capitalization  was 
larger  than  any  of  the  Bell  com¬ 
panies’. 

“Before  the  ’96  act,  the  govern¬ 
ment  policy  was  to  keep  the  two 
industries  from  battling  each 
other;”  says  Reed  Hundt,  the  FCC 
chairman  from  1993  to  1997.“It’s 
the  battle  that  was  declared  by 
the  ’96  Telecom  Act  that  has  pro¬ 
duced  this  result.  You’d  have  to 
say  that  the  local  phone  compa¬ 
nies  nine  years  later  have  won 
that  battle.” 

NCR  and  AT&T’s  other  ill- 
advised  forays  into  the  computer 
business  —  the  3B  minicomput¬ 
ers  and  the  AT&T-branded  PCs  — 
was  a  sideshow  to  more  signifi¬ 
cant  blunders,  one  of  which  was 
the  mishandled  foray  into  wire¬ 
less,  says  Leslie  Cauleya  telecom 
reporter  for  USA  Today  and 
author  of  End  of  the  Line  .The  Rise 
and  Fall  of  AT&T. 

AT&T  Wireless  was  formed  by 
the  1994  $1 1.5  billion  acquisition 
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of  wireless  operator  McCaw 
Cellular.  It  was  a  bold  and  pre¬ 
scient  move,  given  the  impor¬ 
tance  of  cellular  todayAnd  while 
AT&T  grew  the  cell  business 
tremendously  it  couldn’t  make 
the  numbers  work  and  spun  off 
the  assets  in  2001. 

“It  was  a  huge  missed  opportu¬ 
nity  Cauley  says.  “Having  sold 
America  and  the  board  on  this 
one-stop-shopping  strategy,  and 
then  selling  it  off,  it  was  pretty 
stunning.  All  they  had  left  was 
legacy  long-distance,  enterprise 
and  consumer,  [and  the  latter] 
was  losing  20%  a  year” 

But  the  backbreaker,  according 
to  Cauley  came  later  that  decade 
with  AT&T’s  next  big  bet  —  its 
entry  into  the  cable  broadband 
business. 

In  1999,  AT&T  acquired  TCI,  the 
second-largest  cable  company  in 
the  U.S.,  and  renamed  it  AT&T 
Broadband.  In  2000,  AT&T  Broad¬ 
band  acquired  cable  company 
MediaOne  to  become  the  largest 
cable  company  in  the  U.S. 

The  acquisitions  were  then  CEO 
C.  Michael  Armstrong’s  way  back 
into  local  access.  But  the  ante  was 
too  big  and  the  timing  poor. 

The  cable  acquisitions  cost 
AT&T  $100  billion  at  a  time  when 
the  stock  market  was  overheating 
on  the  Internet  bubble.  When  the 
bubble  burst,  AT&T  Broadband’s 
worth  disappeared  into  thin  air 
and  AT&T  had  to  divest  its  cable 
investments. 

“It  all  came  down  to  the  way  the 
deal  was  financed,”  Cauley  says. 
“And  they  got  caught  in  the  shift¬ 
ing;  the  market  was  imploding 
and  they  got  caught  short  with  all 
the  debt.That  event,  that  one  deal 
—  had  they  not  done  it,  in  my 
view  —  they’d  have  been  just 
fine.” 

“If  industry  pricing  hadn’t  deteri¬ 
orated  so  rapidly  we  could  have 


managed  and  serviced  the  debt,” 
says  Dick  Martin,  a  32-year  AT&T 
veteran  who  was  executive  vice 
president  of  public  relations 
when  he  left  the  company  in 
2003.  “Industry  pricing  was  going 
to  hell  in  a  handbasket. 
Armstrong  was  on  the  right  path 
and  I  would  like  to  have  seen  his 
strategy  realized.  In  fact  it  is,  but 
just  not  by  AT&T.” 

Adds  ex-FCC  Chairman  Hundt, 
“Cable  and  wireless  are  the  two 
most  powerful  weapons  in  the 
communications  business  today 
Spinning  off  the  wireless  business 
was  a  catastrophic  strategic  mis¬ 
take.” 

Armstrong  declined  to  com¬ 
ment  for  this  story 

Armstrong  left  AT&T  in  2002  to 
become  chairman  of  AT&T 
Comcast,  the  company  formed 
from  Comcast’s  acquisition  of 
AT&T  Broadband.  What  he  left 
behind  was  a  company  that  con¬ 
sisted  of  two  units,  AT&T  Business 
and  AT&T  Consumer,  and  that  was 
in  bad  shape. 

In  the  past  five  years  AT&T  had 
seen  $11  billion  in  consumer 
long-distance  revenue  evaporate, 
and  a  22%  drop  in  2002  alone. 
Even  AT&T  Business  was  having 
problems,  with  2002  revenue 
down  4%. 

By  the  time  the  board  handed 
the  reins  to  new  CEO  David 
Dorman  in  July  2002,  the  compa¬ 
ny  was  a  shell  of  its  former  self: 


revenue  of  $38  billion, half  of  what 
it  tallied  only  eight  years  previous, 
and  a  2002  loss  of  $13  billion, 
mainly  because  of  discontinued 
operations. 

Part  of  AT&T’s  revenue  short¬ 
fall  was  caused  by  aggressive 
price-cutting  to  stay  competi¬ 
tive  with  MCI,  which  was  report¬ 
ing  mystifyingly  better  finan¬ 
cials.  Little  did  AT&T  or  anyone 
else  outside  of  MCI  manage¬ 
ment  know  that  MCI  was  cook¬ 
ing  the  books. 

“Believing  MCI’s  numbers  was  a 
terrible  mistake,”  Cauley  says.  “But 
how  can  you  say  a  major  Fortune 
50  company  is  lying  through  their 
teeth?  You  don’t  expect  that.  An 
innocent  mistake  but  a  fatal  mis¬ 
take.” 

While  a  crippled  and  confound¬ 
ed  AT&T  was  shrinking,  the  FCC 
fired  the  “final  shot  to  the  head,”  as 
Hundt  calls  it,  by  announcing  in 
2004  a  phase-out  of  the  govern¬ 
ment-mandated  wholesale  rates 
for  local  access. 

Four  months  after  that  ruling, 
AT&T  and  MCI  announced  inten¬ 
tions  to  exit  the  consumer  tele 
phony  market.  And  seven  months 
after  that,  AT&T  and  MCI  accepted 
buyout  offers  from  SBC  and 
Verizon,  respectively 

“It  probably  need  not  have 
ended  this  way”  Block  says.“But  in 
our  society, a  corporation  that  lives 
beyond  100  years  is  a  freak.  In  that 
sense,  life  goes  on.” ■ 
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n  just  a  couple  of 
decades  we’ve  gone 
from  a  world  where  the 
idea  of  being  covertly 
watched  and  tracked  was 
unthinkable  to  one  where 

cameras  monitor  our  every  move  on  every  corner  and  in 
every  public  building,  where  being  easily  located  by  the 
signals  from  our  cell  phones  and  car  radios  is  simple, 
and  where  potentially  every  product  we  buy  will  be 
labeled  and  trackable. 

Behind  these  trends  is  the  commercial  demand  to 
improve  supply-line  efficiency  and  reduce  theft  combined 
with  the  need  of  governments  to  keep  us  safe  and  secure 
in  a  world  where  the  potential  for  terrorism,  everyday 
crime  and  commercial  crime  are  greater  than  ever. 

But  behind  these  apparently  logical  reasons  for  tracking 
and  monitoring  are  other  less-reasonable  and  indeed  less- 
rational  motivations  and  tactics  that  are  a  real  threat  to 
our  privacy  our  rights  and  how  we  do  business. 

Recently  the  Electronic  Frontier  Foundation  discovered 
that  the  U.S.  Secret  Service  made  a  deal  with  a  number  of 
color  laser  printer  manufacturers  (see  www.network- 
world.com,  DocFinder:  9545)  that  have  tracking  informa¬ 
tion  called  “forensic  watermarking”  encoded  on  every 
sheet  of  paper  printed.The  ostensible  reason  for  this  is  to 
fight  counterfeiting,  but  obviously  there  is  far  more  poten¬ 
tial  in  this  technology 

That  followed  the  agreement  by  Adobe,  Jasc  and  other 
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software  companies  to  incorporate  government  code  in 
their  software  to  detect  and  prevent  loading  and  modifi¬ 
cation  of  images  of  money  (see  “No  can  scan,”  Backspin, 
Network  World ,  1/19/04;  DocFinder:  9546). 

What  amazes  me  is  that  these  companies  would,  in 
effect,  roll  over  and  comply  with  something  that  can  hard¬ 
ly  be  considered  to  be  supportive  of  good  product  engi¬ 
neering. 

Maybe  the  feds  applied  some  serious  pressure.  Or 
maybe  management  in  these  companies  is  not  bothered 
by  the  social  and  technical  issues  involved  and  will  do 
anything  for  a  buck.  So  far,  no  one  is  saying  much,  but 
eventually  an  insider  is  going  to  spill  the  beans. Yep, 
Printergate  may  be  waiting  in  the  wings. 

There’s  an  even  more  worrying  issue  about  the  conse¬ 
quences  of  tracking  of  goods  and  people  at  the  most 
detailed  level:  It  is  creating  a  neurotic  drive  to  know  and 
control  everything.  It  also  raises  the  question  of  whether, 
because  you  can  track  everything,  you  should. 

For  example,  European  Union  regulators  are  pushing 
hard  to  make  the  total  and  complete  control  of  supply 
chains  the  responsibility  of  manufacturers.  In  a  recent 
bout  with  Philip  Morris  International,  the  EU  fined  the 
company  $1.25  billion  for  “gray  marketers”  selling  PMI’s 
products.The  EU’s  motivation  for  this  is  that  cigarettes  that 
wind  up  being  diverted  to  the  gray  market  result  in  lost 
tax  revenue.  According  to  the  World  Health  Organization, 
these  distribution  “leaks”  cost  governments  at  the  local 
and  national  levels  in  excess  of  $30  billion  per  year. 


IT  indispensable 

But  along  with  the  fine  the  EU  regulators  made  it  clear 
that  they  expect  PMI  to  be  able  to  track  individual  packs 
of  cigarettes  from  production  through  to  retail  sale. 

The  implications  are  staggering,  because  the  same  logic 
can  be  applied  to  pharmaceuticals,  raw  materials  such  as 
steel  and  cement,  and  pretty  much  anything  commercial. 
If  the  EU  pushes  such  regulations  into  law,  then  other  gov¬ 
ernments  worldwide  that  are  hungry  for  cash  will  follow 
suit. 

I  said  the  implications  are  staggering  and  here’s  why:  If 
supply  chains  will  in  the  future  have  to,  by  law,  capture 
data  down  at  the  level  we’re  talking  about,  the  data  man¬ 
agement  issues  involved  will  be,  well, —  I’m  running  out 
of  superlatives  —  really  really  colossal. 

They  will  dwarf  today’s  data  handling  by  orders  of  mag¬ 
nitude  and,  along  with  this,  IT  organizations  will  have  to 
expand  phenomenally  which  in  turn  will  require  organi¬ 
zations  everywhere  to  increase  IT  budgets  dramatically 

Remember  when  I  wrote  a  few  weeks  ago  that  there  is 
nothing  but  IT  (see  “The  truth  about  IT’  DocFinder.  9547)? 
Well,  as  we  move  closer  to  tracking  everything  in  business, 
IT  will  become  evermore  central  and  politically  powerful 
in  business  everywhere.  So,  yes,  IT  will  become  the  mas¬ 
ters  of  the  universe.  Perhaps  that’s  the  only  good  side  of 
what  is  a  worrying  future. 

Send  world-domination  plans  to  backspin@gibbs.com 
or  mount  your  assault  at  Gibbs  blog  ( www.networkworld 
com/weblogs/gibbsblog). 
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Blogging  not  all  blah-blah-blah 

There’s  more  happening  with  corporate  blogs  than  the 
career-threatening  blunders  that  tend  to  grab  headlines 
and  amuse  us  all. 

Serious  companies  are  taking  blogs  seriously,  and  in 
the  process  are  finding  surprisingly  innovative  uses  for 
an  application  that  many  still  view  as  a  plaything. 

I  recently  had  an  opportunity  to  chat  with  Robin  Hopper,  CEO  of  iUpload,  one  of  a 
growing  number  of  companies  looking  to  cash  in  on  the  heightened  interest  in  corpo¬ 
rate  blogging.  Hopper’s  company  recently  trumpeted  a  super-sized  deal  with 
McDonald’s  that  will  find  the  junk-food  giant  initially  using  iUpload’s  blogging  technol¬ 
ogy  for  internal  corporate  communications.  However,  Hopper  says  the  day  may  soon 
arrive  when  your  McDonald's  server  asks,  “Would  you  like  a  blog  with  that  burger?" 
While  the  corporate  communications  piece  is  still  only  in  pilot  mode,  the  grander  vision 

would  have  blogs  playing  a  role  in  marketing  at  the  franchise  level _ McDonald's 

serves  50  million  customers  a  day. 

A  more  fully  baked  example,  Hopper  says,  is  Stillwater  National  Bank,  an  Oklahoma- 
based  lending  institution  that  has  adopted  iUpload’s  blog  technology  to  speed  up 
paperwork  on  large  commercial  loans. 

“When  they  hit  certain  risk  thresholds,  they  need  to  parcel  that  out  to  different  part¬ 
ners,  and  e-mail  just  doesn’t  work  for  that  kind  of  thing;  the  documents  are  very  large,” 
he  says.  "They  were  actually  FedExing  these  things  around  to  manage  the  loan  partici¬ 
pation  opportunities.” 

As  a  result,  completing  these  deals  was  taking  four  to  six  weeks,  Hopper  says. 

"They  came  to  us  thinking  they  needed  to  implement  some  kind  of  personalized  data¬ 
base  engine  and  content-management  type  of  application  to  pull  this  off.  We  actually 
did  it  with  blogs.They’ve  gone  from  four  to  six  weeks  down  to  two  to  three  days  to 
close  out  these  opportunities,”  Hopper  says. 

So  in  that  context,  what's  the  difference  between  a  blog  and  an  extranet? 

"Absolutely  nothing,"  Hopper  says.  "Blogs  are  a  drop-dead  simple  way  to  get  content 
from  people  who  we  couldn’t  get  content  from  otherwise.  What  is  important  in  terms  of 
corporate  adoption  is  to  stop  thinking  about  blogs  as  a  technology  or  blogs  in  and  of 


themselves,  but  think  of  them  as  a  tactic  to  empower  a  whole  new  level  of  authors  in  or 
outside  your  company.  And  through  the  aggregation  process,  you  have  the  ability  to 
deliver  the  right  content  to  people  at  the  right  time  and  in  the  right  context." 

Hopper  says  companies  serious  about  corporate  blogging  are  demanding  granular 
controls  over  approval  and  management  processes,  easy  integration  with  CRM  appli¬ 
cations  and  the  means  to  maintain  regulatory  compliance.  What  they  don’t  want  are 
more  information  silos  or  another  sign-in  process. 

Sure,  they're  concerned  about  employees  blogging  off  the  cliff,  but  the  risk/reward 
analyses  are  falling  squarely  in  favor  of  all  this  being  more  than  a  fad. 

A  sickening  spam  scam 

Write  about  spam  long  enough  and  you  begin  to  think  like  a  spammer  —  at  least ! 
fear  it  is  so. 

Weeks  ago  !  was  reading  one  of  those  oh-so-scary  stories  about  Asian  bird  flu  and 
how  it's  only  a  matter  of  time  before  we're  all  hacking  up  lungs  in  some  hideously  over¬ 
flowing  hospital  emergency  room.This  particular  story  delved  into  the  drugTamiflu, 
which  may  or  may  not  prove  helpful  should  a  nasty  strain  of  the  flu  come  calling. 
Whether  or  not  it  works,  there's  not  nearly  enough  of  the  stuff  to  go  around,  according 
to  that  story. 

How  long,  I  wondered,  before  spammers  are  pitching  offers  for  bogusTamiflu  into 
our  in-boxes? 

Not  long,  it  turns  out.  According  to  SophosLabs,  spam  that  promises  access  to 
Tamiflu  online  is  already  landing  in  SophosLabs’  spam  traps.The  drug’s  manufac¬ 
turer  is  warning  that  the  offers  it  has  seen  are  bogus. 

In  the  world  of  spam  it’s  difficult  to  draw  fine  distinctions  between  dishonest  and 
despicable,  but  this  particular  scam  deserves  a  category  all  its  own.  Law  enforce¬ 
ment  has  limited  resources  to  pursue  this  type  of  crime,  but  this  case  is  worth 
expending  some. 

And,  hey,  all  of  you  amateur  spam  fighters  should  feel  encouraged  to  kick  in 
some  time. 

Unlike  spam, your  thoughts  are  always  welcome.  The  address  is  buzz@nww.com. 
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